Close Open Privacy Scan

bolt Snapshot: commit 5f9906f
science engine v1.5
schedule 2026-07-14T04:25:55.915749+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

smart_toy MCP server detected: anthropic, fastmcp, litellm, mcp +1 more — detected in dependencies, not a safety judgment.

App Privacy Score

82 /100
Low privacy risk

Low risk · 5921 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

telemetry −10
egress −5
env_fs −3

list Scan Summary

32 high 804 medium 5085 low
First-party packages: 2
Dependency packages: 87
Ecosystem: python

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (32)
high mcp dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
high openai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:221 pkgs/python/[email protected]/src/openai/lib/azure.py:258
high openai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:506 pkgs/python/[email protected]/src/openai/lib/azure.py:543
high poetry dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/poetry/utils/authenticator.py:197 pkgs/python/[email protected]/src/poetry/utils/authenticator.py:200
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:176 pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:504 pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:519
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1042 pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1051
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38 pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:208 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:218
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:274 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:283
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:405 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:414
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:616 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:628
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2193 pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2223
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:103 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:100
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:128 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:188 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:185
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:212 pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:123 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:144 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:142
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:200 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:198
high litellm dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:225 pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:223
high anthropic dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384
high anthropic dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179
high openhands-sdk dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:129 pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:130
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1851 pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1803 pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1845 pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1960 pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957
high google-cloud-aiplatform dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1794 pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791

</> First-Party Code

first-party (python)

python first-party
medium telemetry production #a27703710e79efea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/openhands/analytics/analytics_service.py:18
from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 184 low-confidence finding(s)
low env_fs test-only #545b9972cb891a68 Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:45
    if 'OPENHANDS_REPO' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed8eb3a74a74377e Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:46
        repo_path = Path(os.environ['OPENHANDS_REPO'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dcf5432b98af6d6e Environment-variable access.
repo/.github/scripts/find_prs_between_commits.py:103
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a422706eb3c87edd Filesystem access.
repo/openhands/analytics/oss_install_id.py:25
            stored = id_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a09841d4084ae2a Filesystem access.
repo/openhands/analytics/oss_install_id.py:34
        id_file.write_text(new_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a565a4c104af69b7 Environment-variable access.
repo/openhands/app_server/app.py:75
if os.getenv('SERVE_FRONTEND', 'true').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bef1897a6ead98f Filesystem access.
repo/openhands/app_server/app_conversation/app_conversation_router.py:1194
            with open(temp_file_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c06ab44712add533 Environment-variable access.
repo/openhands/app_server/config.py:77
    persistence_dir = os.getenv('OH_PERSISTENCE_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d60e8d3975d20862 Environment-variable access.
repo/openhands/app_server/config.py:81
        persistence_dir = os.getenv('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29e911d5ddb54d83 Environment-variable access.
repo/openhands/app_server/config.py:97
    web_host = os.getenv('WEB_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6c63232704821e4 Environment-variable access.
repo/openhands/app_server/config.py:110
    legacy = os.getenv('PERMITTED_CORS_ORIGINS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f7e21d10a4044b Environment-variable access.
repo/openhands/app_server/config.py:121
    return os.getenv('OPENHANDS_PROVIDER_BASE_URL') or os.getenv('LLM_BASE_URL') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8d065b2e96c7af1 Environment-variable access.
repo/openhands/app_server/config.py:129
    return os.getenv('TAVILY_API_KEY') or os.getenv('SEARCH_API_KEY') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed7f188a0998768d Environment-variable access.
repo/openhands/app_server/config.py:177
    if 'saas' in (os.getenv('OPENHANDS_CONFIG_CLS') or '').lower():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf9377871fe5c735 Environment-variable access.
repo/openhands/app_server/config.py:293
        aws_region = os.getenv('AWS_REGION_NAME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f82dba5acb0e9ba5 Environment-variable access.
repo/openhands/app_server/config.py:294
        aws_key = os.getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17251b42562f2a0b Environment-variable access.
repo/openhands/app_server/config.py:295
        aws_secret = os.getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #586cafb5a6da8beb Environment-variable access.
repo/openhands/app_server/config.py:301
        ollama_url = os.getenv('OLLAMA_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8434b636c0ed9b0 Environment-variable access.
repo/openhands/app_server/config.py:312
            bucket_name = os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43c3280bc706f0b0 Environment-variable access.
repo/openhands/app_server/config.py:320
            bucket_name = os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30aaa8064eff1239 Environment-variable access.
repo/openhands/app_server/config.py:334
        if os.getenv('RUNTIME') == 'remote':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a1b8d97b147063f Environment-variable access.
repo/openhands/app_server/config.py:336
                api_key=os.environ['SANDBOX_API_KEY'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f48e1141d2428ebf Environment-variable access.
repo/openhands/app_server/config.py:337
                api_url=os.environ['SANDBOX_REMOTE_RUNTIME_API_URL'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74b19fba796483ab Environment-variable access.
repo/openhands/app_server/config.py:339
        elif os.getenv('RUNTIME') in ('local', 'process'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82bbcbb7f67e6b79 Environment-variable access.
repo/openhands/app_server/config.py:344
            if os.getenv('SANDBOX_HOST_PORT'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d61f609110a76b58 Environment-variable access.
repo/openhands/app_server/config.py:346
                    os.environ['SANDBOX_HOST_PORT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8787d40e6afecd5d Environment-variable access.
repo/openhands/app_server/config.py:348
            if os.getenv('SANDBOX_CONTAINER_URL_PATTERN'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5856683c28f37da8 Environment-variable access.
repo/openhands/app_server/config.py:349
                docker_sandbox_kwargs['container_url_pattern'] = os.environ[

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fbbf72fe09ba154 Environment-variable access.
repo/openhands/app_server/config.py:349
                docker_sandbox_kwargs['container_url_pattern'] = os.environ[
                    'SANDBOX_CONTAINER_URL_PATTERN'
                ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #464ff5c9e81b09e4 Environment-variable access.
repo/openhands/app_server/config.py:355
            if os.getenv('SANDBOX_STARTUP_GRACE_SECONDS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69643fd3d5294ccb Environment-variable access.
repo/openhands/app_server/config.py:357
                    os.environ['SANDBOX_STARTUP_GRACE_SECONDS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bc0de07f2454e39 Environment-variable access.
repo/openhands/app_server/config.py:361
            sandbox_volumes = os.getenv('SANDBOX_VOLUMES')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c230d9406c780660 Environment-variable access.
repo/openhands/app_server/config.py:389
        if os.getenv('RUNTIME') == 'remote':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0034aea5fff2129 Environment-variable access.
repo/openhands/app_server/config.py:391
        elif os.getenv('RUNTIME') in ('local', 'process'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2f109d6f3f1179e Environment-variable access.
repo/openhands/app_server/constants.py:17
MAX_API_SECRETS_COUNT: int = int(os.getenv('OH_MAX_API_SECRETS_COUNT', '50'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc1f18ed89459e0e Environment-variable access.
repo/openhands/app_server/constants.py:22
MAX_API_SECRET_NAME_LENGTH: int = int(os.getenv('OH_MAX_API_SECRET_NAME_LENGTH', '256'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f89a24664529b602 Environment-variable access.
repo/openhands/app_server/constants.py:28
    os.getenv('OH_MAX_API_SECRET_VALUE_LENGTH', '65536')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc8f6bf003ee468e Environment-variable access.
repo/openhands/app_server/event/aws_event_service.py:81
    endpoint_url = os.getenv('AWS_S3_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #366f94d5049169f8 Environment-variable access.
repo/openhands/app_server/event/aws_event_service.py:84
    secure = os.getenv('AWS_S3_SECURE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61d9f98b116d600b Environment-variable access.
repo/openhands/app_server/event/event_service_base.py:26
        return max(1, int(os.getenv('EVENT_SERVICE_LOAD_EVENT_CONCURRENCY', '10')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #187b8fe7d1e6c643 Filesystem access.
repo/openhands/app_server/event/filesystem_event_service.py:25
            content = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3ee8d4ddef8959b Filesystem access.
repo/openhands/app_server/event/filesystem_event_service.py:36
        path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #267a70f96bc5c3cf Filesystem access.
repo/openhands/app_server/file_store/files.py:29
        with open(source_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0b0b36349fcd626 Environment-variable access.
repo/openhands/app_server/file_store/google_cloud.py:31
        return os.environ['GOOGLE_CLOUD_BUCKET_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25f975a90f8f702 Filesystem access.
repo/openhands/app_server/file_store/local.py:35
            with open(temp_path, mode) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f288b2a6ea9d14f1 Filesystem access.
repo/openhands/app_server/file_store/local.py:61
        with open(full_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #996dc6e6343696c2 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:37
            self._resolved_bucket = self.bucket_name or os.environ['AWS_S3_BUCKET']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f93d62c65eb4ae6 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:44
            access_key = os.getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85ef8a0738f03e8a Environment-variable access.
repo/openhands/app_server/file_store/s3.py:45
            secret_key = os.getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f3d65c00df0a92d Environment-variable access.
repo/openhands/app_server/file_store/s3.py:46
            secure = os.getenv('AWS_S3_SECURE', 'true').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39e02f3a269bf2e7 Environment-variable access.
repo/openhands/app_server/file_store/s3.py:47
            endpoint = self._ensure_url_scheme(secure, os.getenv('AWS_S3_ENDPOINT'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6557e25f85118d85 Environment-variable access.
repo/openhands/app_server/integrations/azure_devops/azure_devops_service.py:237
azure_devops_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9162b91051e7e01b Environment-variable access.
repo/openhands/app_server/integrations/azure_devops/azure_devops_service.py:237
azure_devops_service_cls = os.environ.get(
    'OPENHANDS_AZURE_DEVOPS_SERVICE_CLS',
    'openhands.app_server.integrations.azure_devops.azure_devops_service.AzureDevOpsService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d3aee320ba385ae Environment-variable access.
repo/openhands/app_server/integrations/bitbucket/bitbucket_service.py:63
bitbucket_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b14f342457eedfc Environment-variable access.
repo/openhands/app_server/integrations/bitbucket/bitbucket_service.py:63
bitbucket_service_cls = os.environ.get(
    'OPENHANDS_BITBUCKET_SERVICE_CLS',
    'openhands.app_server.integrations.bitbucket.bitbucket_service.BitBucketService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44735ff911119e3 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:54
            base_domain = os.environ.get('BITBUCKET_DATA_CENTER_HOST') or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8fb1d1b70d561c2 Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:81
bitbucket_dc_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #951ec886424643cc Environment-variable access.
repo/openhands/app_server/integrations/bitbucket_data_center/bitbucket_dc_service.py:81
bitbucket_dc_service_cls = os.environ.get(
    'OPENHANDS_BITBUCKET_DATA_CENTER_SERVICE_CLS',
    'openhands.app_server.integrations.bitbucket_data_center.bitbucket_dc_service.BitbucketDCService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e753399c23b6d4b Environment-variable access.
repo/openhands/app_server/integrations/forgejo/forgejo_service.py:52
forgejo_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a470036b3e0dbb1 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/forgejo_service.py:52
forgejo_service_cls = os.environ.get(
    'OPENHANDS_FORGEJO_SERVICE_CLS',
    'openhands.app_server.integrations.forgejo.forgejo_service.ForgejoService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2d4f66bc8e56e73 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/service/base.py:51
            env_token = os.environ.get('FORGEJO_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78a468247e298190 Environment-variable access.
repo/openhands/app_server/integrations/forgejo/service/base.py:55
        env_base_url = os.environ.get('FORGEJO_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b6e5eb5a5871bfb Environment-variable access.
repo/openhands/app_server/integrations/github/github_service.py:74
github_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cbe5d7564d52053 Environment-variable access.
repo/openhands/app_server/integrations/github/github_service.py:74
github_service_cls = os.environ.get(
    'OPENHANDS_GITHUB_SERVICE_CLS',
    'openhands.app_server.integrations.github.github_service.GitHubService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8db011492235b6e3 Environment-variable access.
repo/openhands/app_server/integrations/gitlab/constants.py:11
    os.environ.get('GITLAB_HOST', 'gitlab.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6e9f69c19bc8941 Environment-variable access.
repo/openhands/app_server/integrations/gitlab/gitlab_service.py:79
gitlab_service_cls = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e89f76afcb86349e Environment-variable access.
repo/openhands/app_server/integrations/gitlab/gitlab_service.py:79
gitlab_service_cls = os.environ.get(
    'OPENHANDS_GITLAB_SERVICE_CLS',
    'openhands.app_server.integrations.gitlab.gitlab_service.GitLabService',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4e48c2ef1b45db Environment-variable access.
repo/openhands/app_server/integrations/jira_dc/config.py:23
    email = os.getenv('JIRA_DC_SERVICE_ACCOUNT_EMAIL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e20bf15f262ad72 Environment-variable access.
repo/openhands/app_server/integrations/jira_dc/config.py:24
    api_key = os.getenv('JIRA_DC_SERVICE_ACCOUNT_PAT', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3522943727fb0b8 Environment-variable access.
repo/openhands/app_server/integrations/provider.py:145
        WEB_HOST = os.getenv('WEB_HOST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #097c6314ebb124da Environment-variable access.
repo/openhands/app_server/integrations/provider.py:535
            allow_insecure = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6255d2a387f07bd9 Environment-variable access.
repo/openhands/app_server/integrations/provider.py:535
            allow_insecure = os.environ.get(
                'ALLOW_INSECURE_GIT_ACCESS', 'false'
            ).lower() in ('true', '1', 'yes')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c013b1f586c854b Environment-variable access.
repo/openhands/app_server/mcp/mcp_router.py:45
HOST = f'https://{os.getenv("WEB_HOST", "app.all-hands.dev").strip()}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85a966fef336d8f8 Environment-variable access.
repo/openhands/app_server/sandbox/docker_sandbox_service.py:55
    value = os.getenv('AGENT_SERVER_USE_HOST_NETWORK', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce9fba2245ebf813 Environment-variable access.
repo/openhands/app_server/sandbox/docker_sandbox_service.py:61
    value = os.getenv('SANDBOX_KVM_ENABLED', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1951cfbbcc52755 Environment-variable access.
repo/openhands/app_server/sandbox/dynamic_remote_sandbox_spec_service.py:122
        default_factory=lambda: os.environ.get('SANDBOX_REMOTE_RUNTIME_API_URL', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a99f31d57b3847e Environment-variable access.
repo/openhands/app_server/sandbox/dynamic_remote_sandbox_spec_service.py:126
        default_factory=lambda: os.environ.get('SANDBOX_API_KEY', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df75ec9efaaf40ed Environment-variable access.
repo/openhands/app_server/sandbox/process_sandbox_service.py:125
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #919ceaddfe9eced5 Filesystem access.
repo/openhands/app_server/sandbox/process_sandbox_service.py:145
            with open(log_path, 'a', buffering=1) as log_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e282aaf175aa4429 Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:121
    repository = os.getenv('AGENT_SERVER_IMAGE_REPOSITORY') or _DEFAULT_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e204d54fed7dc06 Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:123
    tag = os.getenv('AGENT_SERVER_IMAGE_TAG') or f'{bundled_version}-python'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ac0ac3f89e0f96b Environment-variable access.
repo/openhands/app_server/sandbox/sandbox_spec_service.py:201
    for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab12e4331c417610 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:78
    return os.getenv('RUNTIME_FILE_ARCHIVE_ENABLED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94ae7df66cd18183 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:83
    return os.getenv('RUNTIME_FILE_ARCHIVE_REQUIRED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb5cac85f3b81d44 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:88
    return os.getenv('RUNTIME_FILE_ARCHIVE_ENRICH', 'true').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78e2f47f5e0f23be Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:92
    return os.getenv('RUNTIME_FILE_ARCHIVE_BUCKET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83d5f15469d44b61 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:96
    return os.getenv('RUNTIME_FILE_ARCHIVE_PREFIX', 'workspace-archives')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fa060ba1474131b Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:106
    return os.getenv('RUNTIME_FILE_ARCHIVE_FORMAT', 'both')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #166bd8bd749412d9 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:131
    raw = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #612bb34d4e421697 Environment-variable access.
repo/openhands/app_server/sandbox/workspace_archive.py:159
    return os.getenv('RUNTIME_FILE_ARCHIVE_STORE_TYPE', 'google_cloud')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60114caf0f2a3cb3 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:10
    config_cls = os.environ.get('OPENHANDS_CONFIG_CLS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2042aba68127262c Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:13
    github_client_id = os.environ.get('GITHUB_APP_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9e47822924679de Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:14
    enable_billing = os.environ.get('ENABLE_BILLING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c57d68fe66165f0 Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:15
    hide_llm_settings = os.environ.get('HIDE_LLM_SETTINGS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02fb9e212914fdca Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:28
    enable_v1: bool = os.getenv('ENABLE_V1') != '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3301d5ccb442b7d Environment-variable access.
repo/openhands/app_server/server_config/server_config.py:49
    config_cls = os.environ.get('OPENHANDS_CONFIG_CLS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7412852ee52a56 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:57
            self.host = os.getenv('DB_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05dce45fa5ab9f6b Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:59
            self.port = int(os.getenv('DB_PORT', '5432'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #123717f0c127caee Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:61
            self.name = os.getenv('DB_NAME', 'openhands')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5908ff45a2933f78 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:63
            self.user = os.getenv('DB_USER', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9706ea03bee04dd4 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:65
            self.password = SecretStr(os.getenv('DB_PASS', 'postgres').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #960310a1583f04df Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:67
            self.gcp_db_instance = os.getenv('GCP_DB_INSTANCE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04b76da759e91a8b Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:69
            self.gcp_project = os.getenv('GCP_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c157bbb434f449b Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:71
            self.gcp_region = os.getenv('GCP_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6a26e7a5da92837 Environment-variable access.
repo/openhands/app_server/services/db_session_injector.py:73
            self.ssl_mode = os.getenv('DB_SSL_MODE') or os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe5cbd03695ae13f Environment-variable access.
repo/openhands/app_server/settings/marketplace_composition.py:51
    raw = os.environ.get(MARKETPLACE_LOADING_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca6e4fe274e109e8 Environment-variable access.
repo/openhands/app_server/settings/marketplace_composition.py:135
    env_value = os.environ.get(INSTANCE_MARKETPLACES_ENV, '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33f75cb9ae509ebf Environment-variable access.
repo/openhands/app_server/settings/settings_router.py:60
LITE_LLM_API_URL = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33a48eaee37f74e0 Environment-variable access.
repo/openhands/app_server/settings/settings_router.py:60
LITE_LLM_API_URL = os.environ.get(
    'LITE_LLM_API_URL', 'https://llm-proxy.app.all-hands.dev'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a029b26baaa13782 Filesystem access.
repo/openhands/app_server/status/system_stats.py:59
        with open(f'/proc/{process.pid}/io', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c979d99fa2f127b7 Filesystem access.
repo/openhands/app_server/user/skills_router.py:81
        text = file_path.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eae2d2d5b689da59 Environment-variable access.
repo/openhands/app_server/utils/dependencies.py:9
_SESSION_API_KEY = os.getenv('SESSION_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6027f2647ee90536 Environment-variable access.
repo/openhands/app_server/utils/encryption_key.py:35
    jwt_secret = os.getenv('JWT_SECRET')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c98f0ac956b8bfa9 Filesystem access.
repo/openhands/app_server/utils/encryption_key.py:54
        encryption_keys = type_adapter.validate_json(key_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #431cb6d19d93098c Filesystem access.
repo/openhands/app_server/utils/encryption_key.py:59
        jwt_secret = jwt_secret_file.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2545a817b4345eda Environment-variable access.
repo/openhands/app_server/utils/environment.py:31
    provider = os.environ.get('SHARED_EVENT_STORAGE_PROVIDER', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d323847a5f68c60a Environment-variable access.
repo/openhands/app_server/utils/environment.py:35
        provider = os.environ.get('FILE_STORE', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c48b284d5617488a Environment-variable access.
repo/openhands/app_server/utils/environment.py:55
    if os.environ.get('DOCKER_CONTAINER') == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a88daf8378378db9 Environment-variable access.
repo/openhands/app_server/utils/llm_metadata.py:63
            f'web_host:{os.environ.get("WEB_HOST", "unspecified")}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90ea5af56ad6e95a Environment-variable access.
repo/openhands/app_server/utils/logger.py:25
LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5d373682f08ae5e Environment-variable access.
repo/openhands/app_server/utils/logger.py:26
DEBUG = os.getenv('DEBUG', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #202eb482b7e3b37b Environment-variable access.
repo/openhands/app_server/utils/logger.py:27
DEBUG_LLM = os.getenv('DEBUG_LLM', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d33599d9a77eedc Environment-variable access.
repo/openhands/app_server/utils/logger.py:30
LOG_JSON = os.getenv('LOG_JSON', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83284f78633cd2c7 Environment-variable access.
repo/openhands/app_server/utils/logger.py:31
LOG_JSON_LEVEL_KEY = os.getenv('LOG_JSON_LEVEL_KEY', 'level')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6bd5f0046ad377f Environment-variable access.
repo/openhands/app_server/utils/logger.py:55
LOG_TO_FILE = os.getenv('LOG_TO_FILE', str(LOG_LEVEL == 'DEBUG')).lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3191a16d5245cccd Environment-variable access.
repo/openhands/app_server/utils/logger.py:62
LOG_ALL_EVENTS = os.getenv('LOG_ALL_EVENTS', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6857505e5d5d7da6 Environment-variable access.
repo/openhands/app_server/utils/logger.py:65
DEBUG_RUNTIME = os.getenv('DEBUG_RUNTIME', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8dcb3d3f32275e8c Environment-variable access.
repo/openhands/app_server/utils/logger.py:252
        for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6703d9eb87c3b80 Environment-variable access.
repo/openhands/app_server/utils/redis.py:9
REDIS_HOST = os.environ.get('REDIS_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93f971deedf65e31 Environment-variable access.
repo/openhands/app_server/utils/redis.py:10
REDIS_PORT = int(os.environ.get('REDIS_PORT', '6379'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd339946c81f1ad1 Environment-variable access.
repo/openhands/app_server/utils/redis.py:11
REDIS_PASSWORD = os.environ.get('REDIS_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c96a7491466114a Environment-variable access.
repo/openhands/app_server/utils/redis.py:12
REDIS_DB = int(os.environ.get('REDIS_DB', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3de9cf136767372d Filesystem access.
repo/openhands/app_server/version.py:17
                with open(file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37ff50722f86adcf Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:26
    key = os.getenv('RECAPTCHA_SITE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea8f295b546a8f23 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:40
    key = os.getenv('POSTHOG_CLIENT_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df4dc06164ebee6c Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:49
    url = os.getenv('AUTH_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a282b3ba5954d5e Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:60
    value = os.getenv('MAINTENANCE_START_TIME', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6222c1149fa916c3 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:71
    return bool(os.getenv('GITLAB_APP_CLIENT_ID', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aed30d941f8d32c3 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:82
    if os.getenv('GITHUB_APP_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9529558247cafd75 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:88
    if os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #843eb9cbf2e0cc92 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:91
    if os.getenv('BITBUCKET_DATA_CENTER_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73da242b5425764a Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:94
    if os.getenv('AZURE_DEVOPS_CLIENT_ID', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff417e3cec087c8c Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:97
    if os.getenv('ENABLE_ENTERPRISE_SSO', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a38b9680d7558520 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:109
    slug = os.getenv('GITHUB_APP_SLUG', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #809b4c6f21c31563 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:116
        os.getenv('SLACK_WEBHOOKS_ENABLED', 'false').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63aaf106a32a0f20 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:117
        and bool(os.getenv('SLACK_CLIENT_ID', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0be2df6147143b66 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:118
        and bool(os.getenv('SLACK_CLIENT_SECRET', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ad05ae2bc18b6bb Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:119
        and bool(os.getenv('SLACK_SIGNING_SECRET', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fde08ef1d82a26ee Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:128
        smtp_enabled = bool(os.getenv('SMTP_HOST', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43901ffeb41d9584 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:135
        resend_enabled = bool(os.getenv('RESEND_API_KEY', '').strip())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5be5cf375c2758ef Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:151
    if os.getenv('JIRA_DC_ENABLE_OAUTH', '1') not in ('1', 'true'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2532632bd503a94 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:153
    base_url = os.getenv('JIRA_DC_BASE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #994a1a1dbc073347 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:193
        enable_billing=os.getenv('ENABLE_BILLING', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9ca7b23543d2bdb Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:194
        hide_llm_settings=os.getenv('HIDE_LLM_SETTINGS', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a14c1037fd344e35 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:195
        enable_jira=os.getenv('ENABLE_JIRA', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50aa0c7c78060ff1 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:196
        enable_jira_dc=os.getenv('ENABLE_JIRA_DC', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27fd7f97263ab9ee Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:197
        enable_linear=os.getenv('ENABLE_LINEAR', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #375608db437fdf7b Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:198
        hide_users_page=os.getenv('HIDE_USERS_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5088222add048832 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:199
        hide_billing_page=os.getenv('HIDE_BILLING_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c02d918d8b43571 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:200
        hide_integrations_page=os.getenv('HIDE_INTEGRATIONS_PAGE', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b74fb7933972a39c Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:201
        hide_personal_workspaces=os.getenv('HIDE_PERSONAL_WORKSPACES', 'false')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #539b44765079c79d Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:203
        allow_user_llm_configuration=os.getenv(
            'OH_ALLOW_USER_LLM_CONFIGURATION', 'true'
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68cdcb8ab110cbe4 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:207
        enable_acp=os.getenv('ENABLE_ACP', 'true') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08f98a6809ca9704 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:208
        enable_onboarding=os.getenv('OH_ENABLE_ONBOARDING', 'false') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5844bf58faf90ec2 Environment-variable access.
repo/openhands/app_server/web_client/default_web_client_config_injector.py:209
        enable_automations=os.getenv('ENABLE_AUTOMATIONS', 'true') == 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d8e82ffddd55342 Environment-variable access.
repo/openhands/app_server/web_client/web_client_deployment_mode.py:14
    explicit = os.getenv('OH_DEPLOYMENT_MODE', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #accc01d7479349c8 Environment-variable access.
repo/openhands/app_server/web_client/web_client_deployment_mode.py:19
    web_host = os.getenv('OH_WEB_HOST', os.getenv('WEB_HOST', '')).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #956ea71c6e179a5e Environment-variable access.
repo/openhands/server/__main__.py:19
        port=int(os.environ.get('port') or '3000'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91256be346edc4a5 Environment-variable access.
repo/openhands/server/__main__.py:20
        log_level='debug' if os.environ.get('DEBUG') else 'info',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51bce8d5e4b20e49 Environment-variable access.
repo/scripts/auto_close_duplicate_issues.py:41
    token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #994f12a283693fb2 Filesystem access.
repo/scripts/check_enterprise_migration_integrity.py:81
            module = ast.parse(path.read_text(encoding='utf-8'), filename=str(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bc382ab59dc4b8b Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:16
OPENHANDS_BASE_URL = os.environ.get('OPENHANDS_BASE_URL', 'https://app.all-hands.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c018f7f299016745 Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:18
GITHUB_API_BASE_URL = os.environ.get('GITHUB_API_BASE_URL', 'https://api.github.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61190407be18facc Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:81
    github_token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #649587c1cbeec034 Environment-variable access.
repo/scripts/issue_duplicate_check_openhands.py:88
    api_key = os.environ.get('OPENHANDS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #368f225b3c6a2654 Filesystem access.
repo/scripts/issue_duplicate_check_openhands.py:601
        output_path.write_text(json.dumps(result, indent=2, ensure_ascii=False) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b024b85d313b49c Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:16
OPENHANDS_BASE_URL = os.environ.get('OPENHANDS_BASE_URL', 'https://app.all-hands.dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d06b7f7ffb9211a3 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:18
GITHUB_API_BASE_URL = os.environ.get('GITHUB_API_BASE_URL', 'https://api.github.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c1ee40913c8e37e Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:81
    github_token = os.environ.get('GITHUB_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba948bea82ab7080 Environment-variable access.
repo/scripts/issue_good_first_issue_check_openhands.py:88
    api_key = os.environ.get('OPENHANDS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4069cd5470de045a Filesystem access.
repo/scripts/issue_good_first_issue_check_openhands.py:544
        output_path.write_text(json.dumps(result, indent=2, ensure_ascii=False) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e8b1c30c0809761 Environment-variable access.
repo/scripts/update_openapi.py:37
os.environ['OPENHANDS_LOG_LEVEL'] = 'CRITICAL'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c52fc6477aaa2c9d Filesystem access.
repo/scripts/update_openapi.py:154
        with open(spec_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6090973745a956de Filesystem access.
repo/scripts/update_openapi.py:187
    with open(spec_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): enterprise

python first-party
expand_more 172 low-confidence finding(s)
low env_fs production #1c0fd97af5dc75f3 Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:18
        with open(yaml_file, 'r') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69ca88ee9b86378e Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:68
        with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67378392273fc867 Environment-variable access.
repo/enterprise/enterprise_local/convert_to_env.py:75
lite_llm_api_key = os.getenv('LITE_LLM_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c271bb78626f5faa Filesystem access.
repo/enterprise/enterprise_local/convert_to_env.py:127
with open(output_env_file, 'a') as env_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6516c48b2d675248 Environment-variable access.
repo/enterprise/integrations/github/data_collector.py:51
    os.getenv('COLLECT_GITHUB_INTERACTIONS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92630344245915c3 Environment-variable access.
repo/enterprise/integrations/utils.py:23
    os.getenv('ENABLE_PROACTIVE_CONVERSATION_STARTERS', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6df0690e0227ff45 Environment-variable access.
repo/enterprise/integrations/utils.py:107
    os.getenv('OPENHANDS_RESOLVER_TEMPLATES_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3ff5e8ad4aee169 Environment-variable access.
repo/enterprise/integrations/utils.py:130
    override = os.getenv('OH_RESOLVER_LABEL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9815e97e8c59544a Environment-variable access.
repo/enterprise/migrations/env.py:24
DB_USER = os.getenv('DB_USER', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7f2bf8bd19ed2af Environment-variable access.
repo/enterprise/migrations/env.py:25
DB_PASS = os.getenv('DB_PASS', 'postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36597c091ee419f9 Environment-variable access.
repo/enterprise/migrations/env.py:26
DB_HOST = os.getenv('DB_HOST', 'localhost')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df3baf6a56355b45 Environment-variable access.
repo/enterprise/migrations/env.py:27
DB_PORT = os.getenv('DB_PORT', '5432')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20d98d238918be9c Environment-variable access.
repo/enterprise/migrations/env.py:28
DB_NAME = os.getenv('DB_NAME', 'openhands')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfda427c67386e59 Environment-variable access.
repo/enterprise/migrations/env.py:33
DB_DRIVER = os.getenv('DB_DRIVER', 'pg8000')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ea7951515102574 Environment-variable access.
repo/enterprise/migrations/env.py:34
DB_SSL_MODE = os.getenv('DB_SSL_MODE') or os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf2086a8e10749e8 Environment-variable access.
repo/enterprise/migrations/env.py:36
GCP_DB_INSTANCE = os.getenv('GCP_DB_INSTANCE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef11007ededf0e58 Environment-variable access.
repo/enterprise/migrations/env.py:37
GCP_PROJECT = os.getenv('GCP_PROJECT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e35ef90ff815afb3 Environment-variable access.
repo/enterprise/migrations/env.py:38
GCP_REGION = os.getenv('GCP_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb4ce4b30dd5fe75 Environment-variable access.
repo/enterprise/migrations/env.py:40
POOL_SIZE = int(os.getenv('DB_POOL_SIZE', '25'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72b74ad0526a3ee3 Environment-variable access.
repo/enterprise/migrations/env.py:41
MAX_OVERFLOW = int(os.getenv('DB_MAX_OVERFLOW', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f8b86157bdc4c3c Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:28
    if 'STRIPE_API_KEY' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d26539ef5dbb57b7 Environment-variable access.
repo/enterprise/migrations/versions/019_remove_duplicates_from_stripe.py:32
    stripe.api_key = os.environ['STRIPE_API_KEY']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #306e400f2df8832e Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:34
    blacklist_patterns = os.environ.get('EMAIL_PATTERN_BLACKLIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #013ba553f1111dbc Environment-variable access.
repo/enterprise/migrations/versions/099_create_user_authorizations_table.py:35
    whitelist_patterns = os.environ.get('EMAIL_PATTERN_WHITELIST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37c048c435713580 Environment-variable access.
repo/enterprise/saas_server.py:8
if not os.getenv('OPENHANDS_CONFIG_CLS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92cf1cf242cc8d4d Environment-variable access.
repo/enterprise/saas_server.py:9
    os.environ['OPENHANDS_CONFIG_CLS'] = 'server.config.SaaSServerConfig'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecb0ea8edeeefa25 Environment-variable access.
repo/enterprise/saas_server.py:13
os.environ['SERVE_FRONTEND'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f200a6c1e0695b04 Environment-variable access.
repo/enterprise/saas_server.py:82
directory = os.getenv('FRONTEND_DIRECTORY', './frontend/build')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7848dfbd3811d1f Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:27
        api_key = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e4c232d96b1ea6f Environment-variable access.
repo/enterprise/server/app_lifespan/saas_app_lifespan_service.py:28
        host = os.environ.get('POSTHOG_HOST', 'https://us.i.posthog.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b7539edb5ba850d Environment-variable access.
repo/enterprise/server/auth/constants.py:5
GITHUB_APP_CLIENT_ID = os.getenv('GITHUB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7808efbde02b91d Environment-variable access.
repo/enterprise/server/auth/constants.py:6
GITHUB_APP_CLIENT_SECRET = os.getenv('GITHUB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca58bec78906a09e Environment-variable access.
repo/enterprise/server/auth/constants.py:7
GITHUB_APP_WEBHOOK_SECRET = os.getenv('GITHUB_APP_WEBHOOK_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fd5ac47f11d3874 Environment-variable access.
repo/enterprise/server/auth/constants.py:8
GITHUB_APP_PRIVATE_KEY = os.getenv('GITHUB_APP_PRIVATE_KEY', '').replace('\\n', '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f5aa13d6e6d0fe1 Environment-variable access.
repo/enterprise/server/auth/constants.py:9
KEYCLOAK_SERVER_URL = os.getenv('KEYCLOAK_SERVER_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c64642ccac13a25 Environment-variable access.
repo/enterprise/server/auth/constants.py:10
KEYCLOAK_REALM_NAME = os.getenv('KEYCLOAK_REALM_NAME', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df9ebcbf3e5752f3 Environment-variable access.
repo/enterprise/server/auth/constants.py:11
KEYCLOAK_CLIENT_ID = os.getenv('KEYCLOAK_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2b2385cca7de3ee Environment-variable access.
repo/enterprise/server/auth/constants.py:12
KEYCLOAK_CLIENT_SECRET = os.getenv('KEYCLOAK_CLIENT_SECRET', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6a2367f56b80ab9 Environment-variable access.
repo/enterprise/server/auth/constants.py:13
KEYCLOAK_SERVER_URL_EXT = os.getenv(
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'
).rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6ea2c4c5c78e9bd Environment-variable access.
repo/enterprise/server/auth/constants.py:14
    'KEYCLOAK_SERVER_URL_EXT', f'https://{os.getenv("AUTH_WEB_HOST", "")}'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9149e7a11e91750d Environment-variable access.
repo/enterprise/server/auth/constants.py:16
KEYCLOAK_ADMIN_PASSWORD = os.getenv('KEYCLOAK_ADMIN_PASSWORD', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69f817cc0e70903a Environment-variable access.
repo/enterprise/server/auth/constants.py:17
GITLAB_APP_CLIENT_ID = os.getenv('GITLAB_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a58c191858a0bedb Environment-variable access.
repo/enterprise/server/auth/constants.py:18
GITLAB_APP_CLIENT_SECRET = os.getenv('GITLAB_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c3366e9ba772f07 Environment-variable access.
repo/enterprise/server/auth/constants.py:20
BITBUCKET_APP_CLIENT_ID = os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3351c85bb24dd25c Environment-variable access.
repo/enterprise/server/auth/constants.py:21
BITBUCKET_APP_CLIENT_SECRET = os.getenv('BITBUCKET_APP_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b193283ff94cd31d Environment-variable access.
repo/enterprise/server/auth/constants.py:22
AZURE_DEVOPS_CLIENT_ID = os.getenv('AZURE_DEVOPS_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69fedcd4fa800b64 Environment-variable access.
repo/enterprise/server/auth/constants.py:23
AZURE_DEVOPS_CLIENT_SECRET = os.getenv('AZURE_DEVOPS_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #727ae20828ccde8b Environment-variable access.
repo/enterprise/server/auth/constants.py:24
AZURE_DEVOPS_TENANT_ID = os.getenv('AZURE_DEVOPS_TENANT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35cc1dc30f1f5604 Environment-variable access.
repo/enterprise/server/auth/constants.py:25
AZURE_DEVOPS_ORGANIZATION = os.getenv('AZURE_DEVOPS_ORGANIZATION', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82ecb9969cd59d51 Environment-variable access.
repo/enterprise/server/auth/constants.py:26
AZURE_DEVOPS_WEBHOOK_SECRET = os.getenv('AZURE_DEVOPS_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5ca41c4048cdeb3 Environment-variable access.
repo/enterprise/server/auth/constants.py:27
AZURE_DEVOPS_SCOPE = os.getenv(
    'AZURE_DEVOPS_SCOPE', 'https://app.vssps.visualstudio.com/.default'
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f972349ebea3e510 Environment-variable access.
repo/enterprise/server/auth/constants.py:35
ENABLE_ENTERPRISE_SSO = os.getenv('ENABLE_ENTERPRISE_SSO', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e87210822c8583b6 Environment-variable access.
repo/enterprise/server/auth/constants.py:36
ENABLE_JIRA = os.environ.get('ENABLE_JIRA', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #891f0ee8f0aa5a81 Environment-variable access.
repo/enterprise/server/auth/constants.py:37
ENABLE_JIRA_DC = os.environ.get('ENABLE_JIRA_DC', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c32dc75d58e4b95c Environment-variable access.
repo/enterprise/server/auth/constants.py:38
ENABLE_LINEAR = os.environ.get('ENABLE_LINEAR', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15acd40b8ffe28b0 Environment-variable access.
repo/enterprise/server/auth/constants.py:39
ENABLE_AUTOMATIONS = os.environ.get('ENABLE_AUTOMATIONS', 'true') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f046851105ec997 Environment-variable access.
repo/enterprise/server/auth/constants.py:40
JIRA_CLIENT_ID = os.getenv('JIRA_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1c8dc66c6c1fff3 Environment-variable access.
repo/enterprise/server/auth/constants.py:41
JIRA_CLIENT_SECRET = os.getenv('JIRA_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6138dfd057425705 Environment-variable access.
repo/enterprise/server/auth/constants.py:43
JIRA_HTTP_TIMEOUT = float(os.getenv('JIRA_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb74df5e8769d3d5 Environment-variable access.
repo/enterprise/server/auth/constants.py:44
LINEAR_CLIENT_ID = os.getenv('LINEAR_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec3e3b66b99d66d3 Environment-variable access.
repo/enterprise/server/auth/constants.py:45
LINEAR_CLIENT_SECRET = os.getenv('LINEAR_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3f0f159a5de1ab1 Environment-variable access.
repo/enterprise/server/auth/constants.py:46
JIRA_DC_CLIENT_ID = os.getenv('JIRA_DC_CLIENT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f5f5a085dbcb3a2 Environment-variable access.
repo/enterprise/server/auth/constants.py:47
JIRA_DC_CLIENT_SECRET = os.getenv('JIRA_DC_CLIENT_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8be1ed8ba7cba33 Environment-variable access.
repo/enterprise/server/auth/constants.py:48
JIRA_DC_BASE_URL = os.getenv('JIRA_DC_BASE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8db66c8d699a90f1 Environment-variable access.
repo/enterprise/server/auth/constants.py:49
JIRA_DC_ENABLE_OAUTH = os.getenv('JIRA_DC_ENABLE_OAUTH', '1') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcfe45357dfceb87 Environment-variable access.
repo/enterprise/server/auth/constants.py:50
JIRA_DC_SERVICE_ACCOUNT_EMAIL = os.getenv('JIRA_DC_SERVICE_ACCOUNT_EMAIL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aec1448a8d3beff9 Environment-variable access.
repo/enterprise/server/auth/constants.py:51
JIRA_DC_SERVICE_ACCOUNT_PAT = os.getenv('JIRA_DC_SERVICE_ACCOUNT_PAT', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6738658db4dd12fb Environment-variable access.
repo/enterprise/server/auth/constants.py:53
JIRA_DC_HTTP_TIMEOUT = float(os.getenv('JIRA_DC_HTTP_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea25485af8de085c Environment-variable access.
repo/enterprise/server/auth/constants.py:54
AUTH_URL = os.getenv('AUTH_URL', '').rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91077eba3e619a67 Environment-variable access.
repo/enterprise/server/auth/constants.py:55
ROLE_CHECK_ENABLED = os.getenv('ROLE_CHECK_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c2784f0f78761a2 Environment-variable access.
repo/enterprise/server/auth/constants.py:64
DUPLICATE_EMAIL_CHECK = os.getenv('DUPLICATE_EMAIL_CHECK', 'true') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c461705f2ca05e6d Environment-variable access.
repo/enterprise/server/auth/constants.py:65
BITBUCKET_DATA_CENTER_CLIENT_ID = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_ID', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a64e73ff4bf6de2b Environment-variable access.
repo/enterprise/server/auth/constants.py:68
BITBUCKET_DATA_CENTER_CLIENT_SECRET = os.getenv(
    'BITBUCKET_DATA_CENTER_CLIENT_SECRET', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #effe9e8bc41b10eb Environment-variable access.
repo/enterprise/server/auth/constants.py:71
BITBUCKET_DATA_CENTER_HOST = os.getenv('BITBUCKET_DATA_CENTER_HOST', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecad4ca39dff8d6b Environment-variable access.
repo/enterprise/server/auth/constants.py:78
BITBUCKET_DATA_CENTER_BOT_TOKEN = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_TOKEN', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c78d933c92a71490 Environment-variable access.
repo/enterprise/server/auth/constants.py:84
BITBUCKET_DATA_CENTER_BOT_USERNAME = os.getenv(
    'BITBUCKET_DATA_CENTER_BOT_USERNAME', ''
).strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6fb092a76d9490d Environment-variable access.
repo/enterprise/server/auth/constants.py:92
RECAPTCHA_PROJECT_ID = os.getenv('RECAPTCHA_PROJECT_ID', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7386a4ead4dd811c Environment-variable access.
repo/enterprise/server/auth/constants.py:93
RECAPTCHA_SITE_KEY = os.getenv('RECAPTCHA_SITE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc4e8ff72777a250 Environment-variable access.
repo/enterprise/server/auth/constants.py:94
RECAPTCHA_HMAC_SECRET = os.getenv('RECAPTCHA_HMAC_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb921e7ab936bd79 Environment-variable access.
repo/enterprise/server/auth/constants.py:95
RECAPTCHA_BLOCK_THRESHOLD = float(os.getenv('RECAPTCHA_BLOCK_THRESHOLD', '0.3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4020f0625bf46712 Environment-variable access.
repo/enterprise/server/auth/constants.py:98
AUTOMATION_SERVICE_URL = os.getenv('AUTOMATION_SERVICE_URL', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed94302d06beee5d Environment-variable access.
repo/enterprise/server/auth/constants.py:106
AUTOMATION_EVENT_FORWARDING_ENABLED = os.getenv(
    'AUTOMATION_EVENT_FORWARDING_ENABLED', 'false'
) in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c42cbef8d5ac9fa9 Environment-variable access.
repo/enterprise/server/auth/constants.py:110
AUTOMATION_WEBHOOK_SECRET = os.getenv('AUTOMATION_WEBHOOK_SECRET', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57fd1f787391dcc3 Environment-variable access.
repo/enterprise/server/auth/constants.py:112
AUTOMATION_SERVICE_TIMEOUT = int(os.getenv('AUTOMATION_SERVICE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e26e4afb2cb6a3 Environment-variable access.
repo/enterprise/server/config.py:57
    config_cls: str = os.environ.get('OPENHANDS_CONFIG_CLS', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #769bfa4511d92ef4 Environment-variable access.
repo/enterprise/server/config.py:59
    posthog_client_key: str = os.environ.get('POSTHOG_CLIENT_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3e6f94cd552777a Environment-variable access.
repo/enterprise/server/config.py:60
    github_client_id: str = os.environ.get('GITHUB_APP_CLIENT_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30e67e6d96cdb113 Environment-variable access.
repo/enterprise/server/config.py:61
    enable_billing = os.environ.get('ENABLE_BILLING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0eae94aee21d0e6 Environment-variable access.
repo/enterprise/server/config.py:62
    hide_llm_settings = os.environ.get('HIDE_LLM_SETTINGS', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1217d7ec85226564 Environment-variable access.
repo/enterprise/server/config.py:63
    auth_url: str | None = os.environ.get('AUTH_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e5875cd24a8cbf9 Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e5de0dd597d5fca Environment-variable access.
repo/enterprise/server/config.py:75
    maintenance_start_time: str = os.environ.get(
        'MAINTENANCE_START_TIME', ''
    )  # Timestamp in EST e.g 2025-07-29T14:18:01.219616-04:00

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d96a065a24d0700 Environment-variable access.
repo/enterprise/server/config.py:82
    enable_onboarding = os.environ.get('OH_ENABLE_ONBOARDING', 'false') == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a37939598c9c5fcf Hardcoded external endpoint. Review what data is sent to this destination.
repo/enterprise/server/config.py:118
        response = requests.get('https://api.github.com/app', headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #967edb48bc2cd218 Environment-variable access.
repo/enterprise/server/constants.py:5
HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50501f7ffd706beb Environment-variable access.
repo/enterprise/server/constants.py:23
BYOR_KEY_ALIAS_PATTERN = os.getenv(
    'BYOR_KEY_ALIAS_PATTERN', 'BYOR Key - user {user_id}, org {org_id}'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3341f75e2d84abf9 Environment-variable access.
repo/enterprise/server/constants.py:45
    explicit = os.getenv('OH_DEPLOYMENT_MODE', '').strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #022b444ccc8d0285 Environment-variable access.
repo/enterprise/server/constants.py:61
DEFAULT_BILLING_MARGIN = float(os.environ.get('DEFAULT_BILLING_MARGIN', '1.0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b529b3abe1e06b04 Environment-variable access.
repo/enterprise/server/constants.py:74
LITELLM_DEFAULT_MODEL = os.getenv('LITELLM_DEFAULT_MODEL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ea76bc11d3cb31b Environment-variable access.
repo/enterprise/server/constants.py:75
OPENHANDS_LLM_PROVIDER_ROUTE = os.getenv('OPENHANDS_LLM_PROVIDER_ROUTE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94e051ab40451fe0 Environment-variable access.
repo/enterprise/server/constants.py:76
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #206bccf1e2a3d208 Environment-variable access.
repo/enterprise/server/constants.py:76
OPENHANDS_DEFAULT_LLM_MODEL = os.getenv('OPENHANDS_DEFAULT_LLM_MODEL') or os.getenv(
    'LLM_MODEL'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8951644b92338414 Environment-variable access.
repo/enterprise/server/constants.py:79
OPENHANDS_DEFAULT_LLM_BASE_URL = os.getenv(
    'OPENHANDS_DEFAULT_LLM_BASE_URL'
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc76507467b4d29f Environment-variable access.
repo/enterprise/server/constants.py:81
) or os.getenv('LLM_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7600e667a8dad5fa Environment-variable access.
repo/enterprise/server/constants.py:82
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cacce54d9bd487f5 Environment-variable access.
repo/enterprise/server/constants.py:82
OPENHANDS_DEFAULT_LLM_API_KEY = os.getenv('OPENHANDS_DEFAULT_LLM_API_KEY') or os.getenv(
    'LLM_API_KEY'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a043a891918c8c2 Environment-variable access.
repo/enterprise/server/constants.py:90
LITE_LLM_API_URL = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8f97e8dddb45d89 Environment-variable access.
repo/enterprise/server/constants.py:90
LITE_LLM_API_URL = os.environ.get(
    'LITE_LLM_API_URL', 'https://llm-proxy.app.all-hands.dev'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99b6bf53616bd188 Environment-variable access.
repo/enterprise/server/constants.py:93
LITE_LLM_TEAM_ID = os.environ.get('LITE_LLM_TEAM_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8b3d108ff039a0c Environment-variable access.
repo/enterprise/server/constants.py:94
LITE_LLM_API_KEY = os.environ.get('LITE_LLM_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07d293f224d625ca Environment-variable access.
repo/enterprise/server/constants.py:110
STRIPE_API_KEY = os.environ.get('STRIPE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #321c04c74e4f85ec Environment-variable access.
repo/enterprise/server/constants.py:111
REQUIRE_PAYMENT = os.environ.get('REQUIRE_PAYMENT', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34bcf11136133873 Environment-variable access.
repo/enterprise/server/constants.py:113
SLACK_CLIENT_ID = os.environ.get('SLACK_CLIENT_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97731c84eadb9f6c Environment-variable access.
repo/enterprise/server/constants.py:114
SLACK_CLIENT_SECRET = os.environ.get('SLACK_CLIENT_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d3d2ca73c55f4f0 Environment-variable access.
repo/enterprise/server/constants.py:115
SLACK_SIGNING_SECRET = os.environ.get('SLACK_SIGNING_SECRET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac9b87bde0a229d5 Environment-variable access.
repo/enterprise/server/constants.py:116
SLACK_WEBHOOKS_ENABLED = os.environ.get('SLACK_WEBHOOKS_ENABLED', '0') in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1399c5a372a865a Environment-variable access.
repo/enterprise/server/constants.py:118
WEB_HOST = os.getenv('WEB_HOST', 'app.all-hands.dev').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecba83355f707ee5 Environment-variable access.
repo/enterprise/server/constants.py:121
    for host in (os.getenv('PERMITTED_CORS_ORIGINS') or f'https://{WEB_HOST}').split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66b26125e76bf13e Environment-variable access.
repo/enterprise/server/constants.py:127
DEFAULT_V1_ENABLED = os.getenv('DEFAULT_V1_ENABLED', '1').lower() in ('1', 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ff94da4a5b4d93d Environment-variable access.
repo/enterprise/server/constants.py:135
USER_PROVISIONING_ENABLED = os.getenv('USER_PROVISIONING_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #639c7ba70a69a806 Environment-variable access.
repo/enterprise/server/constants.py:145
OPEN_ORG_CREATION_ENABLED = os.getenv('OPEN_ORG_CREATION_ENABLED', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #361a77a4f8c7adf7 Environment-variable access.
repo/enterprise/server/logger.py:13
LOG_JSON = os.getenv('LOG_JSON', '1') == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ef683ed743937b9 Environment-variable access.
repo/enterprise/server/logger.py:14
LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO').upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #637a153cef5ab953 Environment-variable access.
repo/enterprise/server/logger.py:15
DEBUG = os.getenv('DEBUG', 'False').lower() in ['true', '1', 'yes']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4eb47c3a2f701a1 Environment-variable access.
repo/enterprise/server/logger.py:26
LOG_JSON_FOR_CONSOLE = int(os.getenv('LOG_JSON_FOR_CONSOLE', '0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa5a25573900ec69 Environment-variable access.
repo/enterprise/server/routes/github_proxy.py:14
GITHUB_PROXY_ENDPOINTS = bool(os.environ.get('GITHUB_PROXY_ENDPOINTS'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93072a42b3bee576 Environment-variable access.
repo/enterprise/server/routes/integration/github.py:22
GITHUB_WEBHOOKS_ENABLED = os.environ.get('GITHUB_WEBHOOKS_ENABLED', '1') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7444964b643bf7 Environment-variable access.
repo/enterprise/server/routes/integration/jira.py:27
JIRA_WEBHOOKS_ENABLED = os.environ.get('JIRA_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be60a6dfcaea3097 Environment-variable access.
repo/enterprise/server/routes/integration/jira_dc.py:56
JIRA_DC_WEBHOOKS_ENABLED = os.environ.get('JIRA_DC_WEBHOOKS_ENABLED', '0') in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4939a48740708c7c Environment-variable access.
repo/enterprise/server/routes/service.py:23
AUTOMATIONS_SERVICE_KEY = os.getenv('AUTOMATIONS_SERVICE_KEY', '').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74af10b6aae2dc60 Environment-variable access.
repo/enterprise/server/services/email_service.py:32
        resend_api_key = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #868f155cd46478a3 Environment-variable access.
repo/enterprise/server/services/email_service.py:48
        return RESEND_AVAILABLE and bool(os.environ.get('RESEND_API_KEY'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dec1cd6782b9318 Environment-variable access.
repo/enterprise/server/services/email_service.py:57
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20d67196f1925297 Environment-variable access.
repo/enterprise/server/services/email_service.py:91
        from_email = os.environ.get('RESEND_FROM_EMAIL', DEFAULT_FROM_EMAIL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cddf28f98ab2be51 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:30
        host = os.environ.get('SMTP_HOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f06e4216f7fe20b Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:34
        port_value = os.environ.get('SMTP_PORT', '587')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46a9cdfa321bd4d7 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:44
        use_ssl = os.environ.get('SMTP_USE_SSL', 'false').lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38e53b7c0d27cdf7 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:49
            os.environ.get('SMTP_USE_TLS', 'true').lower() in ('true', '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #569e541452c7a26c Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:58
            'username': os.environ.get('SMTP_USERNAME', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4daa8ac8be6db32b Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:59
            'password': os.environ.get('SMTP_PASSWORD', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42d99400cb430ca3 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:60
            'from_email': os.environ.get('SMTP_FROM_EMAIL', DEFAULT_FROM_EMAIL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb8361789dc098b0 Environment-variable access.
repo/enterprise/server/services/smtp_email_service.py:123
        web_host = os.environ.get('WEB_HOST', DEFAULT_WEB_HOST).strip().rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f763451cd15271a9 Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:139
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5828d51e978bfe8 Environment-variable access.
repo/enterprise/server/sharing/aws_shared_event_service.py:163
                endpoint_url=os.getenv('AWS_S3_ENDPOINT'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a2d0069b12cb59f Environment-variable access.
repo/enterprise/server/sharing/google_cloud_shared_event_service.py:135
        default_factory=lambda: os.environ.get('FILE_STORE_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4ca110b4d2d9d46 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97aa547e9a2b8f60 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:16
RATE_LIMIT_AUTH_WINDOWS = os.environ.get(
    'RATE_LIMIT_AUTH_WINDOWS', '10/second; 100/minute'
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e6892bfdd81853e Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:23
    os.environ.get('RATE_LIMIT_USER_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7872097991c2ea24 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:26
    os.environ.get('RATE_LIMIT_IP_SECONDS', '300')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1dfb611d81cef75 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:31
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_USER_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66d8ca4b44d706bf Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:34
    os.environ.get('RATE_LIMIT_AUTH_VERIFY_EMAIL_IP_SECONDS', '120')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcebfd4048fd93df Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:39
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_USER_SECONDS', '30')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0a55df26e77e3b5 Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:42
    os.environ.get('RATE_LIMIT_EMAIL_RESEND_IP_SECONDS', '60')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9ba9a341574a80f Environment-variable access.
repo/enterprise/server/utils/rate_limit_utils.py:47
    os.environ.get('RATE_LIMIT_ORG_INVITATION_USER_SECONDS', '6')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba6dcc41d5ec495a Environment-variable access.
repo/enterprise/storage/default_org_service.py:43
        value = os.getenv(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27e392ee790a6ea5 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:36
ENABLE_BILLING = os.environ.get('ENABLE_BILLING', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #487aaab72b230a89 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:53
        budget = float(os.environ.get('DEFAULT_INITIAL_BUDGET', 0.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e694a65046cbdfdf Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:154
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #270293926a586d13 Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:313
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9349e5661a17955c Environment-variable access.
repo/enterprise/storage/lite_llm_manager.py:521
        local_deploy = os.environ.get('LOCAL_DEPLOYMENT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0e8826c691463fa Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:47
RESEND_API_KEY = os.environ.get('RESEND_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39a4749fb3d1d4c7 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:48
RESEND_AUDIENCE_ID = os.environ.get('RESEND_AUDIENCE_ID', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1746ed47c3bf5538 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:54
BATCH_SIZE = int(os.environ.get('BATCH_SIZE', '2000'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3454a558f64f9ba6 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:55
MAX_RETRIES = int(os.environ.get('MAX_RETRIES', '3'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a589d08dda131cdf Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:56
INITIAL_BACKOFF_SECONDS = float(os.environ.get('INITIAL_BACKOFF_SECONDS', '1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01580104369b3077 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:57
MAX_BACKOFF_SECONDS = float(os.environ.get('MAX_BACKOFF_SECONDS', '60'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cd0ecfcac932267 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:58
BACKOFF_FACTOR = float(os.environ.get('BACKOFF_FACTOR', '2'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4944740cc8f6033b Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:59
RATE_LIMIT = float(os.environ.get('RATE_LIMIT', '2'))  # Requests per second

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5d6d03d913d01a9 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a038d02ebfcf337b Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:277
            'from': os.environ.get(
                'RESEND_FROM_EMAIL', 'OpenHands Team <[email protected]>'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e97c636fffc892f4 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #028b9285e1745142 Environment-variable access.
repo/enterprise/sync/resend_keycloak.py:280
            'reply_to': os.environ.get(
                'RESEND_REPLY_TO_EMAIL', '[email protected]'
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

litellm

python dependency
high pii_flow dependency Excluded from app score #19a3cd5a32e9d6eb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:176 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:192
        mock_response = httpx.Response(
            status_code=200,
            content=file_content,
            headers={"content-type": "application/octet-stream"},
            request=httpx.Request(method="GET", url=s3_uri),
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #7b5da4a807bbe8a7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:519 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:504 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:519
        return httpx.AsyncClient(
            transport=transport,
            event_hooks=event_hooks,
            timeout=timeout,
            verify=ssl_config,
            cert=cert,
            headers=default_headers,
            follow_redirects=True,
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #5fcc9fc68e779792 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1051 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1042 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1051
            self.client = httpx.Client(
                transport=transport,
                timeout=timeout,
                verify=ssl_config,
                cert=cert,
                headers=default_headers,
                follow_redirects=True,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #ac6bbf81a5c17d57 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
        response = httpx.get(path, headers=headers, params=params)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #3d811a2125a5a66b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
        mock_response = HttpxResponse(
            status_code=200,
            content=json.dumps(response).encode("utf-8"),
            headers={"content-type": "application/json"},
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #5849402898d5e401 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:41
            params={"timeout": httpx.Timeout(timeout=timeout, connect=5.0)},

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #71c46c7d7eb1155d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:218 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:208 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:218
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #bb650b6dd8202ed9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:283 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:274 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:283
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #19c9f34b8bb851c3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:414 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:405 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:414
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #1c1b9aafb72aae4d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:628 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:616 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:628
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #c51e10270a3fc44a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2223 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2193 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2223
    base_url = httpx.URL(base_target_url)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #749064b8c6c4fe2e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
        response = httpx.post(
            self.token_url,
            data={
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": scope,
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #3d0ed3d32bdc6dee User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:100 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:103 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:100
                    response=httpx.Response(
                        status_code=429,
                        content="{} rpm limit={}. current usage={}. id={}, model_group={}. Get the model info by calling 'router.get_model_info(id)".format(
                            RouterErrors.user_defined_ratelimit_error.value,
                            deployment_rpm,
                            local_result,
                            model_id,
                            deployment.get("model_name", ""),
                        ),
                        request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                    ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #49c8da3b80421a1e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:128 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:125
                        response=httpx.Response(
                            status_code=429,
                            content="{} rpm limit={}. current usage={}".format(
                                RouterErrors.user_defined_ratelimit_error.value,
                                deployment_rpm,
                                result,
                            ),
                            request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #6d9b8041dc394763 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:185 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:188 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:185
                    response=httpx.Response(
                        status_code=429,
                        content="{} rpm limit={}. current usage={}".format(
                            RouterErrors.user_defined_ratelimit_error.value,
                            deployment_rpm,
                            local_result,
                        ),
                        headers={"retry-after": str(60)},  # type: ignore
                        request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                    ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #30d8b9e1e8b04902 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:212 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:209
                        response=httpx.Response(
                            status_code=429,
                            content="{} rpm limit={}. current usage={}".format(
                                RouterErrors.user_defined_ratelimit_error.value,
                                deployment_rpm,
                                result,
                            ),
                            headers={"retry-after": str(60)},  # type: ignore
                            request=httpx.Request(method="tpm_rpm_limits", url="https://github.com/BerriAI/litellm"),  # type: ignore
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #b3fbf74d8606dd4c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:123 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:121
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} tpm limit={tpm_limit}. current usage={current_tpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #af25f746fdb3bf38 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:142 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:144 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:142
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} rpm limit={rpm_limit}. current usage={current_rpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #d2b66e4eadf8c889 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:198 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:200 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:198
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} tpm limit={tpm_limit}. current usage={current_tpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #05c654f5d4efc0a5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:223 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:225 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:223
                        response=httpx.Response(
                            status_code=429,
                            content=f"{RouterErrors.user_defined_ratelimit_error.value} rpm limit={rpm_limit}. current usage={current_rpm}. id={model_id}, model_group={model_group}",
                            headers={"retry-after": str(60)},
                            request=httpx.Request(
                                method="model_rate_limit_check",
                                url="https://github.com/BerriAI/litellm",
                            ),
                        ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #a4240d6ae9294797 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/_service_logger.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fefd2b0da78e497e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/base_cache.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58867ea882dc1a61 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/disk_cache.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #712dda948f4109cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/dual_cache.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c652f81ef74eb498 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:40
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3c9e4c213a9903a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cluster_cache.py:13
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c73dbb0a97f5e95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/_utils.py:15
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c39eedc962832af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2b7a0157a0070391 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:45
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3b2164634d25d188 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:46
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a63b53ca499a7c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:10
    from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c10abae9d1808eb8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:11
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84d6a23577cfa500 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:12
    from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3111957f354fada1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:61
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #166db1173f9bafcc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:62
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #136905d89ebd7d04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:160
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #359fc6c5a4be18a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:202
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1f1a62b062a43a21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:247
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #339b29aad374ae13 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/custom_logger.py:38
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #67a02fb701c11d12 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d38c09df82ef3631 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel_attributes.py:28
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b2a7ae8e65e806de Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langtrace.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c952e8228a7053b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1ec51c01e2c3308 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:28
    from opentelemetry.sdk.trace.export import SpanExporter as _SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5361fe6d0943dea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:29
    from opentelemetry.trace import Context as _Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a23ba6648f99db4c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ccf94ab00b0bdacf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:31
    from opentelemetry.trace import Tracer as _Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #804e1f996bd6a6ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:109
        from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
            InMemorySpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83e7fd238ee03e4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:190
        from opentelemetry.sdk.resources import OTELResourceDetector, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f469c39fad66cc2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:310
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b0ba1e877ca29cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:311
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5414be06f0fed0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:312
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb9c32c3d808ff51 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:346
        from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90a2cf87c77a48c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:347
        from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #620627288fef6028 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:406
        from opentelemetry._logs import get_logger_provider, set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #603b940708119c5d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:407
        from opentelemetry.sdk._logs import LoggerProvider as OTLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5bf4a1897475fd6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:408
        from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ad181d38b794142 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:450
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d18cf5d0ae19c503 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:451
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3349499c3edac05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:510
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #73edbd6968ae6079 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:511
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fd474a62f4038ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:572
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2865c4de5f6712f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:573
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #93e40d83055723d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:687
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3754ed576f72f050 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:758
            from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d9278dfd6ad51cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:805
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1da4c015fabd4983 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:825
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cddd7475c4c0c5a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:826
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5ed823b5a36d6a02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1090
        from opentelemetry._logs import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3c038dbf3900708 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1093
            from opentelemetry.sdk._logs import (  # type: ignore[attr-defined]  # OTEL < 1.39.0
                LogRecord as SdkLogRecord,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b17f8f7460128bdd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1097
            from opentelemetry.sdk._logs._internal import (
                LogRecord as SdkLogRecord,  # type: ignore[attr-defined]  # OTEL >= 1.39.0

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1f84311daa896fab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1179
        from opentelemetry import trace as _trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bd84fef45b5eceb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1267
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58f5604371ea98db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1940
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4bfc5d3ab0a3383b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1951
        from opentelemetry import context, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf1f1cdfe1cf0a41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1952
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e21e26ec34b5533a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2007
        from opentelemetry.sdk.trace.export import (
            BatchSpanProcessor,
            ConsoleSpanExporter,
            SimpleSpanProcessor,
            SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e2bc92e0a75fab47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2058
                from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterHTTP,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f715af95e7fbb37 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2081
                from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterGRPC,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #189a2e8f2b427b5d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2141
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #440b906c2784f3ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2153
            from opentelemetry.exporter.otlp.proto.http._log_exporter import (
                OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5a66d6d43f1e988d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2167
                from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
                    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e11d0004fa44adee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2189
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd28f4289cd63d28 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2197
        from opentelemetry.sdk.metrics import Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #367574e9d3dee425 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2198
        from opentelemetry.sdk.metrics.export import (
            AggregationTemporality,
            ConsoleMetricExporter,
            PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45ca989e9669d003 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2225
            from opentelemetry.exporter.otlp.proto.http.metric_exporter import (
                OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1960defc201713a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2238
                from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (
                    OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #682accd7c7ce3fc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2359
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2b8c514a7309a1ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2360
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d2bd92cce7bc89c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2412
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce4b46af8e87cfa8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2413
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8a12b97e36af2fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry_utils/base_otel_llm_obs_attributes.py:5
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e100d8eb0408db5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:39
        from opentelemetry.semconv.ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8cd6f3f7e6e025b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:40
        from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9004c6af6e3d2a89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5608760b81a04a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:26
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94aab8c73d5d470c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/core_helpers.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1443b5a4cf893d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3604
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55752456fd980d74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3610
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25e9fcaf677f9884 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3611
                from sentry_sdk.scrubber import EventScrubber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3bf2079f622048a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/logging_utils.py:18
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b1a8d0c3d68c722c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/llms/base_llm/managed_resources/base_managed_resource.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d274354363175598 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/_types.py:64
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a29fbb48cbf5afd5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_checks.py:83
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac2f168058e832ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_exception_handler.py:28
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #478944f622c5226e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/batch_rate_limiter.py:36
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #762abbc8e42b6c22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter.py:22
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2950bd3cef6cf50f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:36
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1467bec54182526a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:120
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d20ee7d944147516 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/utils.py:139
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #729cba38640934e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router.py:195
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #11963bf4bf902fe3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_latency.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f680d04df033fa7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #034426f70ff2ba44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10955b92369da5be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_handlers.py:29
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd229e473a319ddf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/handle_error.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6379117f9479e0c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/health_state_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d215486609e8f40c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:24
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #30701b338241a36b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/prompt_caching_cache.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1353 low-confidence finding(s)
low env_fs dependency Excluded from app score #dde46f65df0a6cbe Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:19
if os.getenv("LITELLM_MODE", "DEV") == "DEV":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa4defdd35529513 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:87
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #739798d8d3500a6e Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:219
drop_params = bool(os.getenv("LITELLM_DROP_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7379a9c71c6d76f Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:220
modify_params = bool(os.getenv("LITELLM_MODIFY_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #352a8f66a5fa30bd Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:222
    os.getenv("LITELLM_USE_CHAT_COMPLETIONS_URL_FOR_ANTHROPIC_MESSAGES", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85e72c454d40c98c Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:225
    os.getenv("LITELLM_ROUTE_ALL_CHAT_OPENAI_TO_RESPONSES", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #317f1a3742abf7da Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:376
model_cost_map_url: str = os.getenv(
    "LITELLM_MODEL_COST_MAP_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8af8d9efb4223b24 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:380
blog_posts_url: str = os.getenv(
    "LITELLM_BLOG_POSTS_URL",
    "https://docs.litellm.ai/blog/rss.xml",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #434ab67a1d5eb31c Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:384
anthropic_beta_headers_url: str = os.getenv(
    "LITELLM_ANTHROPIC_BETA_HEADERS_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/litellm/anthropic_beta_headers_config.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e31f7e7d96814bd4 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:2003
if os.getenv("LITELLM_DISABLE_LAZY_LOADING", "").lower() in ("1", "true", "yes", "on"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3712e1ceb587ce6e Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:21
    os.getenv("LITELLM_DISABLE_REDACT_SECRETS", "").lower() != "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b041b10412f517 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:84
json_logs = bool(os.getenv("JSON_LOGS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #549f0b970c8261aa Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:86
log_level = os.getenv("LITELLM_LOG", "DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fead8af49c2ace78 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:159
    if "REDIS_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c97292e0159e7ef Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:160
        return os.environ["REDIS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca7229ed5885f8b7 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:162
    if "REDIS_HOST" not in os.environ or "REDIS_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cb610e13c7867c9 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:167
    if "REDIS_SSL" in os.environ and os.environ["REDIS_SSL"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b741a820e883a50f Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:174
    if "REDIS_USERNAME" in os.environ and "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bc9ae20f1cbf44f Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:175
        auth_part = f"{os.environ['REDIS_USERNAME']}:{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #302c59068097834c Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:176
    elif "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b46a334dc66331e Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:177
        auth_part = f"{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #866d489385c276b4 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:179
    return f"{redis_protocol}://{auth_part}{os.environ['REDIS_HOST']}:{os.environ['REDIS_PORT']}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53a0dbcc40f81552 Filesystem access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:51
                files("litellm")
                .joinpath("anthropic_beta_headers_config.json")
                .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad587c472f6e184a Environment-variable access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:142
    if os.getenv("LITELLM_LOCAL_ANTHROPIC_BETA_HEADERS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69bcfec8a7be8822 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:113
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64efebcca5acf696 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:114
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8a0cac4e9e94e01 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:120
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c91979b2c144daba Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:128
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #284b485581d6107f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:318
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b5a87351503458 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:319
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb6c222dc5f5a8c9 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:325
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f04e4a8faf70e015 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:333
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fff78e3157bc8077 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:495
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54ff64c3ec2e810c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:496
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ed4991d44605ebf Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:502
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #900e60e0c602bf55 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:510
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #924c76095b7a120f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:684
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39f7450a7468f54c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:685
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0885b9e15e5b53b9 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:691
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cda3c465d1925b55 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:699
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #897da8d4278338ce Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:840
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36e95dd1c7dadc59 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:841
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae88d5a296ecbf30 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:847
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9db889143b1e652 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:855
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #397a8e4266761f38 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1029
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7fff8bbddc02fc4 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1030
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e61058eadcdc2b2 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1036
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1924daae020744 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1044
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #641778f2e1ebcf94 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1191
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a69e261de4629653 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1192
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0251706fb5423880 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1198
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80f2e96a6a32904e Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1206
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48709534d8dedee3 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1390
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5e0f559e311727b Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1391
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f844aa9f43c4f2fa Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1397
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21619037ff2e041a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1405
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d656ba445039fd1b Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:263
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb78bf16ef540abc Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:264
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f87ff0c22a67f5 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:270
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dae7a0ed5ade09a Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:278
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d0dd45e09efacfe Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:432
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c05e235783a2cd9 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:433
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d9d9ba48db834bb Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:439
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92dfbfae6a5dfeb9 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:447
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #023ee4a11f742a17 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:765
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a80bc4c96ed18d40 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:789
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c16d67983d2710c4 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:790
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a976e91d8203144a Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:796
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c8be0d3dd95f8f2 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:991
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba70ea478f9345cc Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:992
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80360d20bb3ebb44 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:998
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffd883774b72ddb0 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:1005
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff3653d6d3b64716 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:55
                with open("user_cost.json", "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c003505efe9cc531 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:218
            with open("user_cost.json", "w") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30544e6f66299dec Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:79
            qdrant_api_base or os.getenv("QDRANT_URL") or os.getenv("QDRANT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48a71ba35d802c8b Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:81
        qdrant_api_key = qdrant_api_key or os.getenv("QDRANT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31b6ba7190c485d9 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:95
                host = host or os.environ["REDIS_HOST"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5265209e0322192 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:96
                port = port or os.environ["REDIS_PORT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20c2262b3672cc23 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:97
                password = password or os.environ["REDIS_PASSWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bcc3675d120da88 Environment-variable access.
pkgs/python/[email protected]/litellm/completion_extras/litellm_responses_transformation/transformation.py:896
            or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41ef8f01868e5d90 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:8
    os.getenv("DEFAULT_HEALTH_CHECK_PROMPT", "test from litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #731cf364ed0d2f16 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:11
    os.getenv("AZURE_DEFAULT_RESPONSES_API_VERSION", "preview")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22bde62b9909e207 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:13
ROUTER_MAX_FALLBACKS = int(os.getenv("ROUTER_MAX_FALLBACKS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ef5d7feb9ab3457 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:14
DEFAULT_BATCH_SIZE = int(os.getenv("DEFAULT_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c64d3394a2fd640 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:15
DEFAULT_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_FLUSH_INTERVAL_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3caacfe73ce87c8b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:17
    os.getenv("DEFAULT_S3_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74ef28f514ce16f9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:19
DEFAULT_S3_BATCH_SIZE = int(os.getenv("DEFAULT_S3_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30a99cc58979802a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:21
    os.getenv("DEFAULT_SQS_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43d922e0c8c8f2ee Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:24
    os.getenv("DEFAULT_NUM_WORKERS_LITELLM_PROXY", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b87226b9799fccd8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:27
    os.getenv("DYNAMIC_RATE_LIMIT_ERROR_THRESHOLD_PER_MINUTE", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #389a0f5d9e08e180 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:29
DEFAULT_SQS_BATCH_SIZE = int(os.getenv("DEFAULT_SQS_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4d2165c3788631a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:32
DEFAULT_MAX_RETRIES = int(os.getenv("DEFAULT_MAX_RETRIES", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae22f378fb81fd63 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:33
DEFAULT_MAX_RECURSE_DEPTH = int(os.getenv("DEFAULT_MAX_RECURSE_DEPTH", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ef4468bb7e420b1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:35
    os.getenv("DEFAULT_MAX_RECURSE_DEPTH_SENSITIVE_DATA_MASKER", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf7a6cfa299d1a2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:38
    os.getenv("DEFAULT_FAILURE_THRESHOLD_PERCENT", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9e68db7fbe1737 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:40
DEFAULT_MAX_TOKENS = int(os.getenv("DEFAULT_MAX_TOKENS", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74b52eab5480a151 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:41
DEFAULT_ALLOWED_FAILS = int(os.getenv("DEFAULT_ALLOWED_FAILS", 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9fd4df627d01974 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:42
DEFAULT_REDIS_SYNC_INTERVAL = int(os.getenv("DEFAULT_REDIS_SYNC_INTERVAL", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb8f810d3d4c2f30 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:43
DEFAULT_COOLDOWN_TIME_SECONDS = int(os.getenv("DEFAULT_COOLDOWN_TIME_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff1707c9f01ea9f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:45
    os.getenv("DEFAULT_REPLICATE_POLLING_RETRIES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0592b56e159cb94f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:48
    os.getenv("DEFAULT_REPLICATE_POLLING_DELAY_SECONDS", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d118a69f85f9dd4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:50
DEFAULT_IMAGE_TOKEN_COUNT = int(os.getenv("DEFAULT_IMAGE_TOKEN_COUNT", 250))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #767ffee96733a5aa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:55
_max_stream_duration_env = os.getenv("LITELLM_MAX_STREAMING_DURATION_SECONDS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ef1ae793e32471f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:63
MAX_BASE64_LENGTH_FOR_LOGGING = int(os.getenv("MAX_BASE64_LENGTH_FOR_LOGGING", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3ac237fa82f0478 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:68
    os.getenv("LITELLM_DETAILED_TIMING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #944a2135eed7c524 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:73
    os.getenv("MODEL_COST_MAP_MIN_MODEL_COUNT", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fcbaf5b02006e1d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:76
    os.getenv("MODEL_COST_MAP_MAX_SHRINK_RATIO", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed72e05ff6cf825b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:78
DEFAULT_IMAGE_WIDTH = int(os.getenv("DEFAULT_IMAGE_WIDTH", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24de85a74ac32c94 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:79
DEFAULT_IMAGE_HEIGHT = int(os.getenv("DEFAULT_IMAGE_HEIGHT", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11489450f77f6574 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:84
MAX_IMAGE_URL_DOWNLOAD_SIZE_MB = float(os.getenv("MAX_IMAGE_URL_DOWNLOAD_SIZE_MB", 50))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d68acd0700f623ff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:86
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1651e711e89459c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:89
    os.getenv("SINGLE_DEPLOYMENT_TRAFFIC_FAILURE_THRESHOLD", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f72f0670a8d139d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:92
    os.getenv("DEFAULT_FAILURE_THRESHOLD_MINIMUM_REQUESTS", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dca6ed3747b44701 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:96
    os.getenv("DEFAULT_REASONING_EFFORT_DISABLE_THINKING_BUDGET", 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96f8f11a18f5e584 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:101
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e27fd8049f5517c8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:104
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_TOP_K", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c2960101e4ff4f6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:107
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_SIMILARITY_THRESHOLD", 0.3)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3646513165095b47 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:110
    os.getenv("MAX_MCP_SEMANTIC_FILTER_TOOLS_HEADER_LENGTH", 150)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fdf29ec654ea848 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:115
    os.getenv("DEFAULT_SEMANTIC_GUARD_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd4d2ac1b76c898a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:118
    os.getenv("DEFAULT_SEMANTIC_GUARD_SIMILARITY_THRESHOLD", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7517fb0b78552864 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:123
    os.getenv("MCP_OAUTH2_TOKEN_EXPIRY_BUFFER_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23422a168df2a5a3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:126
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_MAX_SIZE", "200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ac3fa8f894a45ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:129
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_DEFAULT_TTL", "3600")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b08c69d15bac5d4a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:135
MCP_NPM_CACHE_DIR = os.getenv("MCP_NPM_CACHE_DIR", "/tmp/.npm_mcp_cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #655f37f9fd1f6fb9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:136
MCP_OAUTH2_TOKEN_CACHE_MIN_TTL = int(os.getenv("MCP_OAUTH2_TOKEN_CACHE_MIN_TTL", "10"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96887db6ddbb04d5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:141
    os.getenv("MCP_PER_USER_TOKEN_DEFAULT_TTL", "43200")  # 12 hours

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #904457084b598ab5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:144
    os.getenv("MCP_PER_USER_TOKEN_EXPIRY_BUFFER_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7d5d1addc7f68f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:148
MCP_CLIENT_TIMEOUT = float(os.getenv("LITELLM_MCP_CLIENT_TIMEOUT", "60.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dec879db2cea378b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:149
MCP_TOOL_LISTING_TIMEOUT = float(os.getenv("LITELLM_MCP_TOOL_LISTING_TIMEOUT", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef4522008ed11cdf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:150
MCP_METADATA_TIMEOUT = float(os.getenv("LITELLM_MCP_METADATA_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f0a550da6177250 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:151
MCP_HEALTH_CHECK_TIMEOUT = float(os.getenv("LITELLM_MCP_HEALTH_CHECK_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45cc623bc982eeb8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:158
_MCP_STDIO_EXTRA_COMMANDS = os.getenv("LITELLM_MCP_STDIO_EXTRA_COMMANDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3920b40eb51f91a8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:172
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0893ef697b2c186 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:175
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_PRO", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #666577ec1a9c4d42 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:178
    os.getenv(
        "DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH_LITE", 512
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4c9b5b8a8fc1d58 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:190
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd206c0ccd12db5a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:197
    os.getenv("DEFAULT_REASONING_EFFORT_LOW_THINKING_BUDGET", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #580fd6743d978474 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:200
    os.getenv("DEFAULT_REASONING_EFFORT_MEDIUM_THINKING_BUDGET", 2048)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb59ac2ff4e98caf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:203
    os.getenv("DEFAULT_REASONING_EFFORT_HIGH_THINKING_BUDGET", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ef5776dd281ac10 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:206
    os.getenv("DEFAULT_REASONING_EFFORT_XHIGH_THINKING_BUDGET", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a25aa7cc0089031 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:209
    os.getenv("DEFAULT_REASONING_EFFORT_MAX_THINKING_BUDGET", 16384)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b27422ff628de1f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:212
    os.getenv("MAX_TOKEN_TRIMMING_ATTEMPTS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80d1fce03f3a6914 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:216
    os.getenv("RUNWAYML_DEFAULT_API_VERSION", "2024-11-06")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76679f17791a6a0a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:219
    os.getenv("RUNWAYML_POLLING_TIMEOUT", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09b05dace92dc8cb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:227
AIOHTTP_CONNECTOR_LIMIT = int(os.getenv("AIOHTTP_CONNECTOR_LIMIT", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9b4c7926822fa3f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:229
    os.getenv("AIOHTTP_CONNECTOR_LIMIT_PER_HOST", 500)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73cb046ee4faf848 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:231
AIOHTTP_KEEPALIVE_TIMEOUT = int(os.getenv("AIOHTTP_KEEPALIVE_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dce4884a72fc96d3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:232
AIOHTTP_TTL_DNS_CACHE = int(os.getenv("AIOHTTP_TTL_DNS_CACHE", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3088db0267ba488 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:239
AIOHTTP_SO_KEEPALIVE = os.getenv("AIOHTTP_SO_KEEPALIVE", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e577e3b8183ab43e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:240
AIOHTTP_TCP_KEEPIDLE = int(os.getenv("AIOHTTP_TCP_KEEPIDLE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0766d7f95a549f6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:241
AIOHTTP_TCP_KEEPINTVL = int(os.getenv("AIOHTTP_TCP_KEEPINTVL", 30))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39aff42af8c79fb9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:242
AIOHTTP_TCP_KEEPCNT = int(os.getenv("AIOHTTP_TCP_KEEPCNT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55660f6a34deb0df Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:255
_max_size_env = os.getenv("REALTIME_WEBSOCKET_MAX_MESSAGE_SIZE_BYTES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2cd23acce41d2a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:263
DEFAULT_SSL_CIPHERS = os.getenv(
    "LITELLM_SSL_CIPHERS",
    # Priority 1: TLS 1.3 ciphers (fastest, ~50ms handshake)
    "TLS_AES_256_GCM_SHA384:"  # Fastest observed in testing
    "TLS_AES_128_GCM_SHA256:"  # Slightly faster than 256-bit
    "TLS_CHACHA20_POLY1305_SHA256:"  # Fast on ARM/mobile
    # Priority 2: TLS 1.2 ECDHE+GCM (fast, ~100ms handshake, widely supported)
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    # Priority 3: Additional modern ciphers (good balance)
    "ECDHE-RSA-CHACHA20-POLY1305:" "ECDHE-ECDSA-CHACHA20-POLY1305:"
    # Priority 4: Widely compatible fallbacks (slower but universally supported)
    "ECDHE-RSA-AES256-SHA384:"  # Common fallback
    "ECDHE-RSA-AES128-SHA256:"  # Very widely supported
    "AES256-GCM-SHA384:"  # Non-PFS fallback (compatibility)
    "AES128-GCM-SHA256",  # Last resort (maximum compatibility)
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07a0ea96aea963be Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:293
MAX_REDIS_BUFFER_DEQUEUE_COUNT = int(os.getenv("MAX_REDIS_BUFFER_DEQUEUE_COUNT", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87282f837366314d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:295
LITELLM_ASYNCIO_QUEUE_MAXSIZE = int(os.getenv("LITELLM_ASYNCIO_QUEUE_MAXSIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ab7b044fdf6220 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:296
TOOL_POLICY_CACHE_TTL_SECONDS = int(os.getenv("TOOL_POLICY_CACHE_TTL_SECONDS", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fee6c254ae0a1b9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:300
    os.getenv("MAX_SIZE_IN_MEMORY_QUEUE", int(LITELLM_ASYNCIO_QUEUE_MAXSIZE * 0.8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b3d55e5e8a5e13e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:303
    os.getenv("MAX_IN_MEMORY_QUEUE_FLUSH_COUNT", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e90d29213bc5590c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:307
    os.getenv("MINIMUM_PROMPT_CACHE_TOKEN_COUNT", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0635f6ddd02b867f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:310
    os.getenv("DEFAULT_TRIM_RATIO", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a1c10ffd6138021 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:312
HOURS_IN_A_DAY = int(os.getenv("HOURS_IN_A_DAY", 24))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e091e1c548d068e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:313
DAYS_IN_A_WEEK = int(os.getenv("DAYS_IN_A_WEEK", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9a0cba71b2f48d7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:314
DAYS_IN_A_MONTH = int(os.getenv("DAYS_IN_A_MONTH", 28))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7785eddff8181513 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:315
DAYS_IN_A_YEAR = int(os.getenv("DAYS_IN_A_YEAR", 365))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #476881955039d0da Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:317
    os.getenv("REPLICATE_MODEL_NAME_WITH_ID_LENGTH", 64)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #612c34e1ae93c343 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:320
FUNCTION_DEFINITION_TOKEN_COUNT = int(os.getenv("FUNCTION_DEFINITION_TOKEN_COUNT", 9))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec66424473afab8b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:321
SYSTEM_MESSAGE_TOKEN_COUNT = int(os.getenv("SYSTEM_MESSAGE_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #753fb6e24f717745 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:322
TOOL_CHOICE_OBJECT_TOKEN_COUNT = int(os.getenv("TOOL_CHOICE_OBJECT_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5abd0c1bcfa7717d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:324
    os.getenv("DEFAULT_MOCK_RESPONSE_PROMPT_TOKEN_COUNT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87a92c5e5046e8b4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:327
    os.getenv("DEFAULT_MOCK_RESPONSE_COMPLETION_TOKEN_COUNT", 20)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d100c2ebc8db82 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:330
    os.getenv("MAX_SHORT_SIDE_FOR_IMAGE_HIGH_RES", 768)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1b7c32e82724e6c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:333
    os.getenv("MAX_LONG_SIDE_FOR_IMAGE_HIGH_RES", 2000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6907e4b9571fe350 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:335
MAX_TILE_WIDTH = int(os.getenv("MAX_TILE_WIDTH", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d5766289f395cc3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:336
MAX_TILE_HEIGHT = int(os.getenv("MAX_TILE_HEIGHT", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bdaaa59cdf5c273 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:338
    os.getenv("OPENAI_FILE_SEARCH_COST_PER_1K_CALLS", 2.5 / 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #635db7b80a106702 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:343
    os.getenv("AZURE_FILE_SEARCH_COST_PER_GB_PER_DAY", 0.1)  # $0.1 USD per 1 GB/Day

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab67400ace5765f6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:346
    os.getenv(
        "AZURE_COMPUTER_USE_INPUT_COST_PER_1K_TOKENS", 3.0
    )  # $0.003 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78e7f5cd90b60a71 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:351
    os.getenv(
        "AZURE_COMPUTER_USE_OUTPUT_COST_PER_1K_TOKENS", 12.0
    )  # $0.012 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c1efe2775b4be3e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:356
    os.getenv(
        "AZURE_VECTOR_STORE_COST_PER_GB_PER_DAY", 0.1
    )  # $0.1 USD per 1 GB/Day (same as file search)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1534081fc8de61be Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:360
MIN_NON_ZERO_TEMPERATURE = float(os.getenv("MIN_NON_ZERO_TEMPERATURE", 0.0001))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #704deaafd61c2001 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:363
    os.getenv("REPEATED_STREAMING_CHUNK_LIMIT", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddf930a6f16d8da1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:367
DEFAULT_MAX_LRU_CACHE_SIZE = int(os.getenv("DEFAULT_MAX_LRU_CACHE_SIZE", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bd0237a563424a5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:369
INITIAL_RETRY_DELAY = float(os.getenv("INITIAL_RETRY_DELAY", 0.5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4d729cbc093af7b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:370
MAX_RETRY_DELAY = float(os.getenv("MAX_RETRY_DELAY", 8.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42d10dc120e33b19 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:371
JITTER = float(os.getenv("JITTER", 0.75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f991fbc4a9d2683f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:373
    os.getenv("DEFAULT_IN_MEMORY_TTL", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6f554081dac9e64 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:376
    os.getenv("DEFAULT_MAX_REDIS_BATCH_CACHE_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fd99e626bcb8987 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:379
    os.getenv("DEFAULT_POLLING_INTERVAL", 0.03)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #900f41dcedd44b36 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:381
AZURE_OPERATION_POLLING_TIMEOUT = int(os.getenv("AZURE_OPERATION_POLLING_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89f26b787c1c9c5a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:383
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_API_VERSION", "2024-11-30")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbd5162d8fac2824 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:386
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_DEFAULT_DPI", 96)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f189d276377cbd69 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:388
REDIS_SOCKET_TIMEOUT = float(os.getenv("REDIS_SOCKET_TIMEOUT", 0.1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #318ba7f8c6555ee3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:389
REDIS_CONNECTION_POOL_TIMEOUT = int(os.getenv("REDIS_CONNECTION_POOL_TIMEOUT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d67c6e7f4ddbe8e6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:391
    os.getenv("REDIS_CIRCUIT_BREAKER_FAILURE_THRESHOLD", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc0c357b04fd2310 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:394
    os.getenv("REDIS_CIRCUIT_BREAKER_RECOVERY_TIMEOUT", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74514aa9a6d8cd36 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:398
DEFAULT_REDIS_MAJOR_VERSION = int(os.getenv("DEFAULT_REDIS_MAJOR_VERSION", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b434e13fdc795e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:400
    os.getenv("NON_LLM_CONNECTION_TIMEOUT", 15)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #233b3b05f8a4ffe6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:402
MAX_EXCEPTION_MESSAGE_LENGTH = int(os.getenv("MAX_EXCEPTION_MESSAGE_LENGTH", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75a3c1231291ece6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:403
MAX_STRING_LENGTH_PROMPT_IN_DB = int(os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB", 2048))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0751192bfb0737ee Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:404
BEDROCK_MAX_POLICY_SIZE = int(os.getenv("BEDROCK_MAX_POLICY_SIZE", 75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a8e096c5d3e37ce Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:406
    os.getenv("BEDROCK_MIN_THINKING_BUDGET_TOKENS", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #360f169bbb435d34 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:411
    os.getenv("REPLICATE_POLLING_DELAY_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #792b92d6699811df Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:414
    os.getenv("DEFAULT_ANTHROPIC_CHAT_MAX_TOKENS", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #754ba7b74debec06 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:416
TOGETHER_AI_4_B = int(os.getenv("TOGETHER_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f4e6e179a55f3f4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:417
TOGETHER_AI_8_B = int(os.getenv("TOGETHER_AI_8_B", 8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ce1e59ac0e8d8a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:418
TOGETHER_AI_21_B = int(os.getenv("TOGETHER_AI_21_B", 21))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7528afac1f770373 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:419
TOGETHER_AI_41_B = int(os.getenv("TOGETHER_AI_41_B", 41))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92a2e5b3edf616f1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:420
TOGETHER_AI_80_B = int(os.getenv("TOGETHER_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988d8156a136b024 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:421
TOGETHER_AI_110_B = int(os.getenv("TOGETHER_AI_110_B", 110))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d494c0abbc8f9930 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:422
TOGETHER_AI_EMBEDDING_150_M = int(os.getenv("TOGETHER_AI_EMBEDDING_150_M", 150))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6366eeac516e77df Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:423
TOGETHER_AI_EMBEDDING_350_M = int(os.getenv("TOGETHER_AI_EMBEDDING_350_M", 350))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80681382be96156e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:424
QDRANT_SCALAR_QUANTILE = float(os.getenv("QDRANT_SCALAR_QUANTILE", 0.99))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cac68efa5df89692 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:425
QDRANT_VECTOR_SIZE = int(os.getenv("QDRANT_VECTOR_SIZE", 1536))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5784e1328a84d7a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:426
CACHED_STREAMING_CHUNK_DELAY = float(os.getenv("CACHED_STREAMING_CHUNK_DELAY", 0.02))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9da501ab95cbec35 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:428
    os.getenv("AUDIO_SPEECH_CHUNK_SIZE", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc10f5e4814f3750 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:430
DEFAULT_MAX_TOKENS_FOR_TRITON = int(os.getenv("DEFAULT_MAX_TOKENS_FOR_TRITON", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beb9eacfc794b6fa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:444
    os.getenv("REQUEST_TIMEOUT", str(int(DEFAULT_REQUEST_TIMEOUT_SECONDS)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ab646439dc2e354 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:447
    os.getenv("DEFAULT_A2A_AGENT_TIMEOUT", 6000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3795140b638ddb73 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:469
    os.getenv("DEFAULT_REPLICATE_GPU_PRICE_PER_SECOND", 0.001400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82597f1759c41920 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:471
FIREWORKS_AI_56_B_MOE = int(os.getenv("FIREWORKS_AI_56_B_MOE", 56))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6074977296c5d47 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:472
FIREWORKS_AI_176_B_MOE = int(os.getenv("FIREWORKS_AI_176_B_MOE", 176))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94894bab8285d988 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:473
FIREWORKS_AI_4_B = int(os.getenv("FIREWORKS_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46192cdb2ad01606 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:474
FIREWORKS_AI_16_B = int(os.getenv("FIREWORKS_AI_16_B", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38d63d2f95db9a06 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:475
FIREWORKS_AI_80_B = int(os.getenv("FIREWORKS_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa9ebf24bb5de46c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:479
    os.getenv("MAX_LANGFUSE_INITIALIZED_CLIENTS", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb3fc771b21d128 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:482
    os.getenv("LOGGING_WORKER_CONCURRENCY", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d629249f077e0c21 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:484
LOGGING_WORKER_MAX_QUEUE_SIZE = int(os.getenv("LOGGING_WORKER_MAX_QUEUE_SIZE", 50_000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41dbcdd7462c4919 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:486
    os.getenv("LOGGING_WORKER_MAX_TIME_PER_COROUTINE", 20.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef24486eb808b719 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:489
    os.getenv("LOGGING_WORKER_CLEAR_PERCENTAGE", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f2cad5f67ebf127 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:491
MAX_ITERATIONS_TO_CLEAR_QUEUE = int(os.getenv("MAX_ITERATIONS_TO_CLEAR_QUEUE", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f20df1f1240d83b8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:492
MAX_TIME_TO_CLEAR_QUEUE = float(os.getenv("MAX_TIME_TO_CLEAR_QUEUE", 5.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d78fc5beccbf9716 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:494
    os.getenv("LOGGING_WORKER_AGGRESSIVE_CLEAR_COOLDOWN_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7728743e1d60a5f5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:496
DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE = os.getenv(
    "DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE", "streaming.chunk.yield"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dc0f8d5e42becc9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:501
    os.getenv("EMAIL_BUDGET_ALERT_TTL", 24 * 60 * 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ce41920707e7011 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:504
    os.getenv("EMAIL_BUDGET_ALERT_MAX_SPEND_ALERT_PERCENTAGE", 0.8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8256c7db40643ef Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:508
ANTHROPIC_TOKEN_COUNTING_BETA_VERSION = os.getenv(
    "ANTHROPIC_TOKEN_COUNTING_BETA_VERSION", "token-counting-2024-11-01"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cd73cc817793f18 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:526
    os.getenv("DEFAULT_GOOGLE_VIDEO_DURATION_SECONDS", 8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8abafd8520010aa5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:531
    os.getenv("DEFAULT_DATAFORSEO_LOCATION_CODE", 2250)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7073fa4628ec7d7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1279
    os.getenv("HUMANLOOP_PROMPT_CACHE_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05f82a129e5038a9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1286
    os.getenv("PROMETHEUS_BUDGET_METRICS_REFRESH_INTERVAL_MINUTES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e110e4ebe622b61 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1289
    os.getenv("CLOUDZERO_EXPORT_INTERVAL_MINUTES", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0139b2c1bf16742 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1292
MAXIMUM_TRACEBACK_LINES_TO_LOG = int(os.getenv("MAXIMUM_TRACEBACK_LINES_TO_LOG", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb86a37342cbd464 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1315
    os.getenv("MAX_SPENDLOG_ROWS_TO_QUERY", 1_000_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #063405a3a324d901 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1318
    os.getenv("DEFAULT_SOFT_BUDGET", 50.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3a79b0c3221b4d4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1325
PYTHON_GC_THRESHOLD = os.getenv("PYTHON_GC_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #844352c3712cef93 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1354
    os.getenv("BATCH_STATUS_POLL_INTERVAL_SECONDS", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c20c6de2dcdc6c32 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1357
    os.getenv("BATCH_STATUS_POLL_MAX_ATTEMPTS", 24)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7cc1d2a4fdf092d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1361
    os.getenv("HEALTH_CHECK_TIMEOUT_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0959c04c609a9b6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1363
_background_health_check_max_tokens_env = os.getenv(
    "BACKGROUND_HEALTH_CHECK_MAX_TOKENS"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9311dfc40f0d1ca3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1381
_background_health_check_max_tokens_reasoning_env = os.getenv(
    "BACKGROUND_HEALTH_CHECK_MAX_TOKENS_REASONING"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5269ce63315c5f8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1407
LITELLM_KEY_ROTATION_ENABLED = os.getenv("LITELLM_KEY_ROTATION_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #624b578a21bd94ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1409
    os.getenv("LITELLM_KEY_ROTATION_CHECK_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b700e7964c81357b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1411
LITELLM_KEY_ROTATION_GRACE_PERIOD: str = os.getenv(
    "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
)  # Duration to keep old key valid after rotation (e.g. "24h", "2d"); empty = immediate revoke (default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f20f8aaa96881bd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1415
    os.getenv("LITELLM_KEY_ROTATION_LOCK_TTL_SECONDS", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0ba0b84375d90e5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1418
LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED = os.getenv(
    "LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_ENABLED", "false"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb8f5bd20b4b5a7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1422
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e376b2e4587951c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1425
    os.getenv("LITELLM_EXPIRED_UI_SESSION_KEY_CLEANUP_BATCH_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e504901cd4f76acb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1437
    os.getenv("CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e3bfc04a65c3e4a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1438
    or os.getenv("LITELLM_CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9362b42ba6618f7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1445
LITELLM_UI_SESSION_DURATION = os.getenv("LITELLM_UI_SESSION_DURATION", "24h")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f284809225fdcc4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1453
    os.getenv("CLOUDZERO_MAX_FETCHED_DATA_RECORDS", 50000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05d5c1a3de280f27 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1458
SPEND_LOG_RUN_LOOPS = int(os.getenv("SPEND_LOG_RUN_LOOPS", 500))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed1b7a8305a46db7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1459
SPEND_LOG_CLEANUP_BATCH_SIZE = int(os.getenv("SPEND_LOG_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8972152368c29330 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1460
SPEND_LOG_QUEUE_SIZE_THRESHOLD = int(os.getenv("SPEND_LOG_QUEUE_SIZE_THRESHOLD", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59731539a6366212 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1461
SPEND_LOG_QUEUE_POLL_INTERVAL = float(os.getenv("SPEND_LOG_QUEUE_POLL_INTERVAL", 2.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e95837d9b9124d10 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1463
    os.getenv("SPEND_COUNTER_RESEED_LOCKS_MAX_SIZE", 10000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fc59ad1e2812ad1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1466
    os.getenv("DEFAULT_CRON_JOB_LOCK_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba2e3d4031ff01e4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1469
    os.getenv("PROXY_BUDGET_RESCHEDULER_MIN_TIME", 597)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4967b105164b25b5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1471
PROXY_BATCH_POLLING_INTERVAL = int(os.getenv("PROXY_BATCH_POLLING_INTERVAL", 3600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #249abc7265cb51aa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1472
MAX_OBJECTS_PER_POLL_CYCLE = max(1, int(os.getenv("MAX_OBJECTS_PER_POLL_CYCLE", 50)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a79096d2a5c4a146 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1474
    1, int(os.getenv("MANAGED_OBJECT_STALENESS_CUTOFF_DAYS", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be50f1bc70794493 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1477
    1, int(os.getenv("STALE_OBJECT_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3d57030dbd7aea9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1482
_batch_polling_env = os.getenv("PROXY_BATCH_POLLING_ENABLED", "true").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1787becfb691607e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1485
    os.getenv("PROXY_BUDGET_RESCHEDULER_MAX_TIME", 605)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a339265135c25cbb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1488
    os.getenv("PROXY_BATCH_WRITE_AT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bb367a02b467979 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1493
APSCHEDULER_COALESCE = os.getenv("APSCHEDULER_COALESCE", "True").lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba08f5472dcdc58b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1498
    os.getenv("APSCHEDULER_MISFIRE_GRACE_TIME", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a853c203025fdf61 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1501
    os.getenv("APSCHEDULER_MAX_INSTANCES", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee6a3efe0c50c42 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1503
APSCHEDULER_REPLACE_EXISTING = os.getenv(
    "APSCHEDULER_REPLACE_EXISTING", "True"
).lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e196583e7f60fbbc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1515
    os.getenv("DEFAULT_HEALTH_CHECK_INTERVAL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f661c0dc637d2b9b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1518
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_TTL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c76dae097cb14daf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1521
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_LOCK_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d07f3ddfa1ddba0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1527
    os.getenv("PROMETHEUS_FALLBACK_STATS_SEND_TIME_HOURS", 9)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffafd313d6aa4b1c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1530
    os.getenv("DEFAULT_MODEL_CREATED_AT_TIME", 1677610602)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1775d1479d2bdff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1533
    os.getenv("DEFAULT_SLACK_ALERTING_THRESHOLD", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a435ba4d1eca011 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1535
MAX_TEAM_LIST_LIMIT = int(os.getenv("MAX_TEAM_LIST_LIMIT", 20))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #418cc673d8d043f5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1537
    os.getenv("MAX_POLICY_ESTIMATE_IMPACT_ROWS", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0866fbb00c85ae50 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1540
    os.getenv("DEFAULT_PROMPT_INJECTION_SIMILARITY_THRESHOLD", 0.7)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60dcdf2edce740e9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1542
LENGTH_OF_LITELLM_GENERATED_KEY = int(os.getenv("LENGTH_OF_LITELLM_GENERATED_KEY", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ea9ed85e68c8650 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1544
    os.getenv("SECRET_MANAGER_REFRESH_INTERVAL", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44953b3730242029 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1558
    os.getenv("DEFAULT_MANAGEMENT_OBJECT_IN_MEMORY_CACHE_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09cd623648bf9926 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1560
DEFAULT_ACCESS_GROUP_CACHE_TTL = int(os.getenv("DEFAULT_ACCESS_GROUP_CACHE_TTL", 600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d956ff83eb7aadf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1631
    os.getenv("COROUTINE_CHECKER_MAX_SIZE_IN_MEMORY", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f044fdb73d356f2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1635
DEFAULT_CHUNK_SIZE = int(os.getenv("DEFAULT_CHUNK_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d64d97ed49d5a20 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1636
DEFAULT_CHUNK_OVERLAP = int(os.getenv("DEFAULT_CHUNK_OVERLAP", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb802df534e5f63c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1639
S3_VECTORS_DEFAULT_DIMENSION = int(os.getenv("S3_VECTORS_DEFAULT_DIMENSION", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3239a1de661857ff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1641
    os.getenv("S3_VECTORS_DEFAULT_DISTANCE_METRIC", "cosine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed96350edd95719 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1647
    os.getenv("MICROSOFT_USER_EMAIL_ATTRIBUTE", "userPrincipalName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #692119665297a4d0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1650
    os.getenv("MICROSOFT_USER_DISPLAY_NAME_ATTRIBUTE", "displayName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43ee44ded5dd25f0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1652
MICROSOFT_USER_ID_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_ID_ATTRIBUTE", "id"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c41c80a9a6ad1608 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1654
    os.getenv("MICROSOFT_USER_FIRST_NAME_ATTRIBUTE", "givenName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d04eefdae5d90bd5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1657
    os.getenv("MICROSOFT_USER_LAST_NAME_ATTRIBUTE", "surname")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #983e50be3d097f23 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1663
    os.getenv("MAX_PAYLOAD_SIZE_FOR_DEBUG_LOG", 102400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d802401c10b0f45 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1667
MAX_COMPETITOR_NAMES = int(os.getenv("MAX_COMPETITOR_NAMES", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc39b5724cc7c6aa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1668
COMPETITOR_LLM_TEMPERATURE = float(os.getenv("COMPETITOR_LLM_TEMPERATURE", 0.3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ae0833d159a32a8 Filesystem access.
pkgs/python/[email protected]/litellm/containers/endpoint_factory.py:40
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b323eae5466e5842 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:205
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f61a60d6ab4e0ff Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:206
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df902a003c88522f Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:212
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81f2125f605402f9 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:220
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc3173bb97dd52ed Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:430
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b47c5ba01ca2db1 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:431
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #545e1b590c6441cf Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:437
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3910203aa09c994b Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:445
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7a2a7045674ddeb Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:592
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4af46c378dcef7a Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:593
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fc4392606657f07 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:599
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0308e5b5a2aefda9 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:607
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da815fdd5b514658 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:749
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c42475665c4f2361 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:750
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4085e44c8d6b992a Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:756
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea506df1f2b5ac9b Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:763
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1377bb371e471517 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1120
    base_url={os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #801a520f3eeac071 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1165
        webhook_url = os.getenv("WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1f04d137b08bda6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1214
            email_logo_url = os.getenv(
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e53d75e6063d5b5d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1215
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497dbf423e818876 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1217
            email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #307546ce84ed5c6d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1243
            base_url = os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c793ac5ac2aad0a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1316
        email_logo_url = os.getenv(
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b6a784b1e8a284e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1317
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #233b5144e793307b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1319
        email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dcdb4b42f0f6358 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1452
                _digest_webhook = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #996e9d396616a7fa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1479
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988221de20d87f98 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1508
            slack_webhook_url = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6edc6cfdb8c0bfd2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1586
                _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ba3d7582c742c3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:24
            api_key=os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b8d83b626f7064a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:25
            service_name=os.getenv("AGENTOPS_SERVICE_NAME", "agentops"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21ff6db4fed11a2a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:26
            deployment_environment=os.getenv("AGENTOPS_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40e21e90d5fc4a2f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:63
            float(os.getenv("ARGILLA_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64b19aeac3235c08 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:64
            if os.getenv("ARGILLA_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcd0e5554f782b80 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:65
            and os.getenv("ARGILLA_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb0296effe8b4af Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:73
            os.getenv("ARGILLA_BATCH_SIZE", None) or litellm.argilla_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8defe5fc07c2f08 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:101
        _credentials_api_key = argilla_api_key or os.getenv("ARGILLA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0207d6b58793587 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:107
            or os.getenv("ARGILLA_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23cda93eb1506c3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:117
            or os.getenv("ARGILLA_DATASET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddcfadaf1e0666b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:238
                float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #927886172034ae7e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:239
                if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f555f338e02b2b2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:240
                and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a067f1a4ea74afcf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46cb5de3335797e4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(
        "PHOENIX_API_KEY"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e290578b92474fea Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:86
        space_id = os.environ.get("ARIZE_SPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2f1bb3462be2209 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:87
        space_key = os.environ.get("ARIZE_SPACE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01ccbe14b9d59633 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:88
        api_key = os.environ.get("ARIZE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79669a0dff8f75b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:89
        project_name = os.environ.get("ARIZE_PROJECT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0735462d1665dd32 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:91
        grpc_endpoint = os.environ.get("ARIZE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c9e80d842b4aaca Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:92
        http_endpoint = os.environ.get("ARIZE_HTTP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e64bd5bb3831624 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:285
        api_key = os.environ.get("PHOENIX_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a4b99904a9e4fff Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:287
        collector_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29c25027f00df091 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:290
            grpc_endpoint = os.environ.get("PHOENIX_COLLECTOR_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fed6c75c41a7eb22 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:291
            http_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #611577673e765db2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:337
        project_name = os.environ.get("PHOENIX_PROJECT_NAME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa7af81503ddf17b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:10
        self.athina_api_key = os.getenv("ATHINA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8908917a52ecd412 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:16
            os.getenv("ATHINA_BASE_URL", "https://log.athina.ai")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff6fcf8cb3795738 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:65
        self.dcr_immutable_id = dcr_immutable_id or os.getenv(
            "AZURE_SENTINEL_DCR_IMMUTABLE_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff7287227ed0557b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:68
        self.stream_name = stream_name or os.getenv(
            "AZURE_SENTINEL_STREAM_NAME", "Custom-LiteLLM"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e22eea5f9402d8db Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:71
        self.endpoint = endpoint or os.getenv("AZURE_SENTINEL_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2c5162177eb2649 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:74
            or os.getenv("AZURE_SENTINEL_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31ce1e87875346a4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:75
            or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ad764243fdeeafb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:79
            or os.getenv("AZURE_SENTINEL_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1450bc7cdeefc411 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:80
            or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ec3fb39a8fef6e6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:84
            or os.getenv("AZURE_SENTINEL_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2fcab65158d7066 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:85
            or os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78460f6476cd4556 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:32
            self.tenant_id = os.getenv("AZURE_STORAGE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5ea47ce9ad7d0b6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:33
            self.client_id = os.getenv("AZURE_STORAGE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40c8791cbf6d7928 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:34
            self.client_secret = os.getenv("AZURE_STORAGE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e60206a1ce7deca2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:35
            self.azure_storage_account_key: Optional[str] = os.getenv(
                "AZURE_STORAGE_ACCOUNT_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a55da5579dc720ef Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:40
            _azure_storage_account_name = os.getenv("AZURE_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a719e0cb3e14c1a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:46
            _azure_storage_file_system = os.getenv("AZURE_STORAGE_FILE_SYSTEM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d06f49d1cd4afb90 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:48
        self.api_base = api_base or os.getenv("BRAINTRUST_API_BASE") or API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89df2d45f5f7cb61 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:50
        self.api_key: str = api_key or os.getenv("BRAINTRUST_API_KEY")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #800365e69e9e0006 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:71
        if api_key is None and os.getenv("BRAINTRUST_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba53c5c2796dbda0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_mock_client.py:54
_MOCK_LATENCY_SECONDS = float(os.getenv("BRAINTRUST_MOCK_LATENCY_MS", "100")) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9a46e5a90151501 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:37
        self.api_key = api_key or os.getenv("CLOUDZERO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18f4bda1342b4810 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:38
        self.connection_id = connection_id or os.getenv("CLOUDZERO_CONNECTION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bbbc540916f3035 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:39
        self.timezone = timezone or os.getenv("CLOUDZERO_TIMEZONE", "UTC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af442eec790b9d84 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:117
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26e747e167c902d6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:163
        dd_agent_port = os.getenv(
            "LITELLM_DD_AGENT_PORT", "10518"
        )  # default port for logs

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a900d3ed254e3a2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:167
        self.DD_API_KEY = os.getenv("DD_API_KEY")  # Optional when using agent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d67a5abd531f072 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:177
        if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7420f64422ebbfff Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:179
        if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15439d8c8e663cf3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:182
        self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31c4420c10e0783c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:183
        self.intake_url = f"https://http-intake.logs.{os.getenv('DD_SITE')}/api/v2/logs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bfdf4bae43eef68 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:21
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1416f8d7f83c4fb0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:22
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61fa8a8298208a22 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:23
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bd16c6b918c4649 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:12
    return os.getenv("DD_SOURCE", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47f13a814dfdc0a9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:16
    return os.getenv("DD_SERVICE", "litellm-server")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #586b2210c0e4631d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:20
    return os.getenv("HOSTNAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2c404bfcd65258 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:28
    return os.getenv("DD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c588495398ce64b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:32
    return os.getenv("DD_ENV", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce466e9d94cbf35b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:36
    return os.getenv("POD_NAME", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #442f0c1f1a1dc842 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:52
        "version": os.getenv("DD_VERSION", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0c32984297059d5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:63
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b10be7b64e38b0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:68
            self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #989a529301d0354a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:74
                if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d531f5e933ffb45b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:76
                if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b85186c2725735c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:109
        agent_port = os.getenv("LITELLM_DD_LLM_OBS_PORT", "8126")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a303a7a0f8af171 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:123
        self.DD_SITE = os.getenv("DD_SITE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9ab3cf09afc892 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:32
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2eb10968786bed8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:33
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abc05dc978db04ac Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:34
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f52e01dd374c39e6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:76
            f"version:{os.getenv('DD_VERSION', 'unknown')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e7e5435763bdfcd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:24
        api_key = os.getenv("CONFIDENT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5adacf4f651b5067 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:25
        self.litellm_environment = os.getenv("LITELM_ENVIRONMENT", "development")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1387871531d55f8f Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:157
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c8f75b55bed4061 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:324
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9570bc288b738502 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/dynamodb.py:20
            "dynamodb", region_name=os.environ["AWS_REGION_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eab835fec598ab9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:82
    email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01752953b4fc022f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:83
    email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f627a03c7ced28d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:45
                or os.getenv("FOCUS_S3_BUCKET_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b802ad904dde5a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:47
                or os.getenv("FOCUS_S3_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc674919beb9ef15 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:49
                or os.getenv("FOCUS_S3_ENDPOINT_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa3684251cec27f2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:51
                or os.getenv("FOCUS_S3_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06339166283c72bb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:53
                or os.getenv("FOCUS_S3_SECRET_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ddbd87ec2d6911b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:55
                or os.getenv("FOCUS_S3_SESSION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75047e020671ac01 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:62
                "api_key": overrides.get("api_key") or os.getenv("VANTAGE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f13aa76d80a20369 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:64
                or os.getenv("VANTAGE_INTEGRATION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a9d6760b1b97e7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:66
                or os.getenv("VANTAGE_BASE_URL", "https://api.vantage.sh"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cd57bef20a29128 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:41
        self.provider = (provider or os.getenv("FOCUS_PROVIDER") or "s3").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e00f070549c5ec57 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:43
            export_format or os.getenv("FOCUS_FORMAT") or "parquet"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5821c1a46ff9d2ba Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:45
        self.frequency = (frequency or os.getenv("FOCUS_FREQUENCY") or "hourly").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fe840f72383f00c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:49
            else int(os.getenv("FOCUS_CRON_OFFSET", "5"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ce6af3781b2f868 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:54
            else os.getenv("FOCUS_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25532760eb2ad88b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:65
        env_prefix = os.getenv("FOCUS_PREFIX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8301f2b56129be16 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:40
        self.base_url = os.getenv("GALILEO_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e9caff587f540d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:41
        self.project_id = os.getenv("GALILEO_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22d3cea6ceed8354 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:59
                "username": os.getenv("GALILEO_USERNAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50f9990fc97a53ad Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:60
                "password": os.getenv("GALILEO_PASSWORD"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b82096af66901dc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:34
        self.batch_size = int(os.getenv("GCS_BATCH_SIZE", GCS_DEFAULT_BATCH_SIZE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51c243d4b89ee493 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:36
            os.getenv("GCS_FLUSH_INTERVAL", GCS_DEFAULT_FLUSH_INTERVAL_SECONDS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26cacf66a38cce2a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:39
            os.getenv(
                "GCS_USE_BATCHED_LOGGING", str(GCS_DEFAULT_USE_BATCHED_LOGGING).lower()
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88b76a0910788fa3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:43
        _path_service_account = os.getenv("GCS_PATH_SERVICE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41b4582268a2ea0c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:44
        _bucket_name = bucket_name or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82522f148766d9f9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:96
        project_id = os.getenv("GOOGLE_SECRET_MANAGER_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f3633fcad9e182d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:55
        self.project_id = project_id or os.getenv("GCS_PUBSUB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b595b08a6cbead23 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:56
        self.topic_id = topic_id or os.getenv("GCS_PUBSUB_TOPIC_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de125329c035df51 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:57
        self.path_service_account_json = credentials_path or os.getenv(
            "GCS_PATH_SERVICE_ACCOUNT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #676847a0802d3b9b Filesystem access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:43
        with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd07099cc13d0454 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:94
        return os.getenv(env_var_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f74c5a2f2f98a32 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:162
        endpoint = endpoint or os.getenv("GENERIC_LOGGER_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac801d5624fa2b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:216
        env_headers = os.getenv("GENERIC_LOGGER_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14e8799ba47490d7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:12
        self.greenscale_api_key = os.getenv("GREENSCALE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc3039067fb2e500 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:17
        self.greenscale_logging_url = os.getenv("GREENSCALE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6583fe87bcb160e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:39
        self.key = os.getenv("HELICONE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf5777e9a143ba9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:40
        self.api_base = os.getenv("HELICONE_API_BASE") or "https://api.hconeai.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85ce7326edab8293 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:53
        if os.getenv("LAGO_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6209d62a03cc30f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:56
        if os.getenv("LAGO_API_BASE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f7ecce9c735149c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:59
        if os.getenv("LAGO_API_EVENT_CODE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1966e14a7156f11b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:92
        if os.getenv("LAGO_API_CHARGE_BY", None) is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8e4eda6a671b93 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:93
            os.environ["LAGO_API_CHARGE_BY"], str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fde660c44e94023 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:95
            if os.environ["LAGO_API_CHARGE_BY"] in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b95b3ffc9a81206f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:100
                charge_by = os.environ["LAGO_API_CHARGE_BY"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d9fb7eb483b1992 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:122
                "code": os.getenv("LAGO_API_EVENT_CODE"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #323bd6e10049d458 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:133
        _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba5e3337e5ede40 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:142
        api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2865946924b50441 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:167
            _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc4e1ab8a1da8ad0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:178
            api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b095cc359117fc97 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:105
            langfuse_secret or langfuse_secret_key or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ba68c5efa4c14f7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:107
        public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db9fd5eae5cc1e3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:109
    resolved_host = langfuse_host or os.getenv(
        "LANGFUSE_HOST", "https://cloud.langfuse.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5feb101ef9bcf66 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:147
        self.langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f2cbf6c4b0526f5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:148
        self.langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe8a38c1fe88ae96 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:179
            os.environ["LANGFUSE_PROJECT_ID"] = "mock-project-id"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2a4f589aab77045 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:184
                os.environ["LANGFUSE_PROJECT_ID"] = project_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d5430e824ccb2d4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:188
        if os.getenv("UPSTREAM_LANGFUSE_SECRET_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #528750e34cc25896 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:189
            upstream_langfuse_debug_env = os.getenv("UPSTREAM_LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c469475eb5ed38 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:195
            self.upstream_langfuse_secret_key = os.getenv(
                "UPSTREAM_LANGFUSE_SECRET_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75fe26b8a8f3aa1d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:198
            self.upstream_langfuse_public_key = os.getenv(
                "UPSTREAM_LANGFUSE_PUBLIC_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2598e2ee52c2fb6e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:201
            self.upstream_langfuse_host = os.getenv("UPSTREAM_LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a5daa9f92a38f95 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:202
            self.upstream_langfuse_release = os.getenv("UPSTREAM_LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9efaa238b8395cd5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:743
                proxy_base_url = os.environ.get("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e113d0a96f54e3de Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:1057
        return int(os.getenv("LANGFUSE_FLUSH_INTERVAL") or flush_interval)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7c95c9d08f8575f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:235
        langfuse_environment = os.environ.get("LANGFUSE_TRACING_ENVIRONMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8109d663621adade Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:265
        return os.environ.get("LANGFUSE_OTEL_HOST") or os.environ.get("LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da12472a525285b7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:274
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #419b41380459ac78 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:275
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfd6e00f30ad8506 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:322
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f60aa6d748b34eb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:323
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a23650e3a77896 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:88
    langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5b52349f51fd6b7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:89
    langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ad016d6f28fdf1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:69
            or float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c4f004bc92382a3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:70
            if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e19e6cd4ba9f7b8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:71
            and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44f7a14d47f93310 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:74
        self.langsmith_default_run_name = os.getenv(
            "LANGSMITH_DEFAULT_RUN_NAME", "LLMRun"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97ea43f0710f0ed0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:81
            os.getenv("LANGSMITH_BATCH_SIZE", None) or litellm.langsmith_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e7b13df6e49c44d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:124
            _credentials_api_key = langsmith_api_key or os.getenv("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f098c327573fee62 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:127
                or os.getenv("LANGSMITH_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e920a4be732efff Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:132
                or os.getenv("LANGSMITH_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #353a4cef70d5aaaa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:135
            _credentials_tenant_id = langsmith_tenant_id or os.getenv(
                "LANGSMITH_TENANT_ID"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac139159f1a98301 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:52
        api_key = os.environ.get("LEVOAI_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac0b806c3e959f79 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:53
        org_id = os.environ.get("LEVOAI_ORG_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd9f039b8e13428f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:54
        workspace_id = os.environ.get("LEVOAI_WORKSPACE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5607046a678311f3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:55
        collector_url = os.environ.get("LEVOAI_COLLECTOR_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09b1af20e116fdd6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:28
        self.literalai_api_url = os.getenv("LITERAL_API_URL") or literalai_api_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81dd4817f357d4fb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:31
            "x-api-key": literalai_api_key or os.getenv("LITERAL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6575b78798fc14eb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:40
        batch_size = os.getenv("LITERAL_BATCH_SIZE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e61ef684553aae3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/logfire_logger.py:36
                logfire.configure(token=os.getenv("LOGFIRE_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b1847885ecd43b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:128
        float(os.getenv(latency_env, str(config.default_latency_ms))) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e636e38e2749435 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:278
        mock_mode = os.getenv(config.env_var, "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1901a2fd6bbafdd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:46
        if os.getenv("OPENMETER_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca112b0090214d38 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:87
            "type": os.getenv("OPENMETER_EVENT_TYPE", "litellm_tokens"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45040d45b08518d5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:96
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a484bbebb8c43c2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:102
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e7a9459b17901b9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:122
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f5f1ee89f8462f4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:128
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56333303fbf51638 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:52
LITELLM_TRACER_NAME = os.getenv("OTEL_TRACER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc1ae3bfeda2a6e6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:53
LITELLM_METER_NAME = os.getenv("LITELLM_METER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25506d9843324dce Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:54
LITELLM_LOGGER_NAME = os.getenv("LITELLM_LOGGER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dc640e7e708970c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:88
            self.service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4661502687772b50 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:90
            self.deployment_environment = os.getenv(
                "OTEL_ENVIRONMENT_NAME", "production"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70953e950271e77b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:94
            self.model_id = os.getenv("OTEL_MODEL_ID", self.service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0e303c63d536dc7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:97
                os.getenv("OTEL_IGNORE_CONTEXT_PROPAGATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e45b064f7cce982 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:113
        exporter = os.getenv(
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa511efa42c9a6c7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:114
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6248a6529e79b6d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:116
        endpoint = os.getenv("OTEL_EXPORTER_OTLP_ENDPOINT", os.getenv("OTEL_ENDPOINT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb38c4d7dec664ff Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:117
        headers = os.getenv(
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")
        )  # example: OTEL_HEADERS=x-honeycomb-team=B85YgLm96***"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #676471d0189813b5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:118
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f34b2c5fac14193 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:121
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_METRICS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e8dddeafcf5fe39 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:125
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_EVENTS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e73787c7cbba848c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:128
        service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0856fbffda25507a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:129
        deployment_environment = os.getenv("OTEL_ENVIRONMENT_NAME", "production")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9090a95534f73ac Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:130
        model_id = os.getenv("OTEL_MODEL_ID", service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4fed4346260ab23 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:168
        _debug_otel = str(os.getenv("DEBUG_OTEL", "False")).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f10f7a10896c7c9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2139
        otel_logs_exporter = os.getenv("OTEL_LOGS_EXPORTER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5f5871ab5368fae Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opik/utils.py:58
    return os.getenv((env_prefix + key).upper(), None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bd236b2c479673a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:56
            if os.getenv("POSTHOG_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad32ce262e83d208 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:64
            self.POSTHOG_API_KEY = os.getenv("POSTHOG_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b7c7ffdd119f031 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:65
            posthog_api_url = os.getenv("POSTHOG_API_URL", "https://us.i.posthog.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9c6bb5ade28707a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prometheus.py:3485
        if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b5f459a894478cc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:15
        self.key = os.getenv("PROMPTLAYER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #add0a0cafb00dd3f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:18
        self.supabase_url = os.getenv("SUPABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c34792b85cb5ebe9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:19
        self.supabase_key = os.getenv("SUPABASE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6aa5e388f8dbfa Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:46
        resolved_api_key = api_key or os.getenv("VANTAGE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34494aad532e5f60 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:47
        resolved_token = integration_token or os.getenv("VANTAGE_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a47a2c8c97f1d5d2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:48
        resolved_base_url = base_url or os.getenv(
            "VANTAGE_BASE_URL", "https://api.vantage.sh"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e9fa13cb29d3a13 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:52
            frequency or os.getenv("VANTAGE_EXPORT_FREQUENCY") or "hourly"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #530295c336b3defb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:55
        raw_interval = interval_seconds or os.getenv("VANTAGE_EXPORT_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #975c4331f928afca Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:140
    api_key = os.getenv("WANDB_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8936cf79eb7b0b56 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:141
    project_id = os.getenv("WANDB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4f659da9f77905a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:142
    host = os.getenv("WANDB_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc3f839a99c7940 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:169
    os.environ["OTEL_EXPORTER_OTLP_ENDPOINT"] = endpoint

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4351a8968f8d36be Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:170
    os.environ["OTEL_EXPORTER_OTLP_HEADERS"] = otlp_auth_headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #476d2ac95c570b35 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:70
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b307df6cc2afb5e Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:88
                with open(str(content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb5bb3634e98ed0a Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:178
                with open(str(file_content_obj), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38817bdead7559d8 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:228
    return open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1fb5862a94b6e4a Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:265
            with open(str(file), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #117e1b6ac9aec2cb Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/cli_token_utils.py:28
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf7d878e97d06a7e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:21
custom_cache_dir = os.getenv("CUSTOM_TIKTOKEN_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b95b91f163270465 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:29
os.environ["TIKTOKEN_CACHE_DIR"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1309e77b03c60190 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/env_utils.py:14
    raw = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6fe126bbb1af181 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:55
            files("litellm").joinpath("blog_posts.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19eb72965242009e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:134
        if os.getenv("LITELLM_LOCAL_BLOG_POSTS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25894b00488c5dbf Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:40
            files("litellm")
            .joinpath("model_prices_and_context_window_backup.json")
            .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bd1b89e1f221ab8 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:258
    if os.getenv("LITELLM_LOCAL_MODEL_COST_MAP", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc62fb01c1cb270e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3615
                    os.environ.get("SENTRY_API_TRACE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7e8749a824739c7 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3616
                    if "SENTRY_API_TRACE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26c8c06ca05340e5 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3620
                    os.environ.get("SENTRY_API_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dd95175da0cac93 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3621
                    if "SENTRY_API_SAMPLE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550aad6cec245e35 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3625
                    dsn=os.environ.get("SENTRY_DSN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6727b2820274d60a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3634
                    environment=os.environ.get("SENTRY_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #217ac8387511e7b4 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3648
                    token=os.environ.get("SLACK_API_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b0897e4dce4e530 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3649
                    signing_secret=os.environ.get("SLACK_API_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626a901facd1bf96 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3651
                alerts_channel = os.environ["SLACK_API_CHANNEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f6fd6f1fd3d41b1 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3877
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb1a0ac3dc0b0e4a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3902
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89390503cebfbc4a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3905
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c46ca54c21b06005 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3909
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c66ceec4183e5c47 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3914
            phoenix_project_name = os.environ.get("PHOENIX_PROJECT_NAME", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8df9ff366082f56 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3916
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7173c2aa162c2519 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3919
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd1cff756471babe Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3923
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e3e8b287a2e584a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3929
                os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a109b3183214713a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4035
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #270bce07fcaff2b5 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4042
            logfire_base_url = os.getenv(
                "LOGFIRE_BASE_URL", "https://logfire-api.pydantic.dev"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73fe6f7c57956877 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4048
                headers=f"Authorization={os.getenv('LOGFIRE_TOKEN')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78b0441feedb0fa0 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4106
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67ddbda4ef6523ae Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4118
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b4da437b416381f Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4119
                f"api_key={os.getenv('LANGTRACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f90ac03bbdd688a0 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4325
    if not any(os.environ.get(v) for v in phoenix_env_vars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a0ecfeeb97d03fd Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4480
            if "ARIZE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0666391b4f337e96 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4489
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012e3dc585d9e902 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4518
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae20e620a2b7a0db Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:5616
    if os.getenv("LITELLM_PRINT_STANDARD_LOGGING_PAYLOAD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8434fcf82738f5df Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/common_utils.py:748
        with open(file_content, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df79101ae25600dc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/count_tokens/token_counter.py:60
            api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cae3d653a77f97e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/experimental_pass_through/utils.py:12
        or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #846e4565ac43c051 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:179
    azure_authority_host = os.getenv(
        "AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #711819d7db7f9db8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:182
    azure_client_id = azure_client_id or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91fcff177c37affd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:183
    azure_tenant_id = azure_tenant_id or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a7a8caf26dcfde Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:298
    tenant_id = litellm_params.get("tenant_id") or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723d6bc30ac41301 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:299
    client_id = litellm_params.get("client_id") or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf5fc438f41021ae Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:300
    client_secret = litellm_params.get("client_secret") or os.getenv(
        "AZURE_CLIENT_SECRET"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfc5962c05ef6d6c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:303
    azure_username = litellm_params.get("azure_username") or os.getenv("AZURE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e897d19e500eb1d1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:304
    azure_password = litellm_params.get("azure_password") or os.getenv("AZURE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e90a9230e670dd3f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:305
    scope = litellm_params.get("azure_scope") or os.getenv(
        "AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a05e95dbe4ba73c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:609
            api_version = os.getenv(
                "AZURE_API_VERSION", litellm.AZURE_DEFAULT_API_VERSION
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24e1e6cdf397a7c4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:664
        tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9fde3e4f558d31a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:665
        client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7ffb46cad165b84 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:668
            os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #553eff0101f99492 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:810
        return os.getenv(env_var_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92fbcce5fa4a820f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:62
            api_key = os.getenv("AZURE_AI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #170feb9e5aa56902 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:67
            api_base = os.getenv("AZURE_AI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72a8ba58e740cfb6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:146
                if key.upper() in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2ac8544f8004fb1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:147
                    params_to_check[i] = os.getenv(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #286ccfebda308581 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:648
        current_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #577ce71b8e475eee Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:649
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212d829ddcfdd0f8 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:777
        with open(web_identity_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #083082ce472c2751 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:925
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eaf13d1adf79927 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:926
        irsa_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a75feac3bf8416ca Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:930
            or os.getenv("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b15e45911bb99453 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:931
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d90dd6b78016b1b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:108
        output_bucket = litellm_params.get("s3_output_bucket_name") or os.getenv(
            "AWS_S3_OUTPUT_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03ca16a0001fee95 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:119
            or os.getenv("AWS_BATCH_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdf308711bca328e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/common_utils.py:1236
            or os.getenv(bucket_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a6140c42f6d539 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:112
        bucket_name = bucket_name or os.getenv("AWS_S3_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91f5b5a27b7ec018 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:102
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d54c0a97c80e01db Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:181
        bucket_name = litellm_params.get("s3_bucket_name") or os.getenv(
            "AWS_S3_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb16c41ad95c91e9 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:778
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a33a0d093311d632 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/image_edit/amazon_nova_canvas_image_edit_transformation.py:145
        with open(image, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c50f5a422bf4d55 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:33
        self.token_dir = os.getenv(
            "CHATGPT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/chatgpt"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e77334a5f37bf4a4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:38
            self.token_dir, os.getenv("CHATGPT_AUTH_FILE", "auth.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3df41255bb908220 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:44
            os.getenv("CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f092eed6552fa3c8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:45
            or os.getenv("OPENAI_CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc6532282e06b4b8 Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:95
            with open(self.auth_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78c5e48e475271e8 Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:105
            with open(self.auth_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c45d8111cda06baa Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:153
    term_program = os.getenv("TERM_PROGRAM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a98b475545b56951 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:155
        version = os.getenv("TERM_PROGRAM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6a29685a63d67b6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:159
    wezterm_version = os.getenv("WEZTERM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #530c7bb44848f956 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:165
        os.getenv("ITERM_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9519c8be5e6ae374 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:166
        or os.getenv("ITERM_PROFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #688e4b87bba3599a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:167
        or os.getenv("ITERM_PROFILE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57eb69f488b81e6b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:171
    if os.getenv("TERM_SESSION_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80b7d7b43fe80a68 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:174
    if os.getenv("KITTY_WINDOW_ID") or "kitty" in (os.getenv("TERM") or ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa0ef68540fb3aa Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:177
    if os.getenv("ALACRITTY_SOCKET") or os.getenv("TERM") == "alacritty":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546164e6be3116bd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:180
    konsole_version = os.getenv("KONSOLE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #949a217e32f6e500 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:185
    if os.getenv("GNOME_TERMINAL_SCREEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bc667605994a358 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:188
    vte_version = os.getenv("VTE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2e8ebe45de1306b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:193
    if os.getenv("WT_SESSION"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30fabcf011075d6a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:196
    term = os.getenv("TERM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2e8b482743a2017 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:213
    originator = os.getenv("CHATGPT_ORIGINATOR") or DEFAULT_ORIGINATOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af18a91ca77ff0b3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:218
    override = os.getenv("CHATGPT_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f91dfe071f3103c6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:226
    suffix = os.getenv("CHATGPT_USER_AGENT_SUFFIX", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20871c0b339ea34c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:256
    return os.getenv("CHATGPT_DEFAULT_INSTRUCTIONS") or CHATGPT_DEFAULT_INSTRUCTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1f1d61480efd534 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/aiohttp_transport.py:353
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRUST_ENV", "False"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42f90df9451460c7 Filesystem access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/container_handler.py:45
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5404e06771047612 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:121
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #842324ded170263d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:251
        ssl_verify = os.getenv("SSL_VERIFY", litellm.ssl_verify)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #681b8042d1412125 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:266
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e83c2c1e72fb313 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:308
    ssl_security_level = os.getenv("SSL_SECURITY_LEVEL", litellm.ssl_security_level)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9344eee2217d2aab Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:309
    ssl_ecdh_curve = os.getenv("SSL_ECDH_CURVE", litellm.ssl_ecdh_curve)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac3c624e3250bf7a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:315
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8591dbc5b8ba6f30 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:504
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #829e3691ef1728b0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:890
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRANSPORT", "False")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #319d3412f1e9e3c2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:952
        if str_to_bool(os.getenv("AIOHTTP_TRUST_ENV", "False")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9933a43629d34f96 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:1042
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b777d0cbfb3d7d0e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:19
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6a47161685308d3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:171
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0b66c0bf9019bd0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:172
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #469a48436ed0a1d6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:340
        client_id = os.getenv("DATABRICKS_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9b5f0512f6f1774 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341
        client_secret = os.getenv("DATABRICKS_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f368e4fd670485e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:345
            api_base = os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb73ca5ab219c13c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:36
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90689cdfb940d8b4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:37
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c38fed7858ac69b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:48
        api_key = litellm_params.api_key or os.getenv("DATABRICKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fcfe5cbbd17eb04 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:49
        api_base = litellm_params.api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785df7bf8df248cc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:71
        api_base = api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73944ce2972ab49c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:31
        self.token_dir = os.getenv(
            "GITHUB_COPILOT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/github_copilot"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78e781aa9b4a9f5b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:37
            os.getenv("GITHUB_COPILOT_ACCESS_TOKEN_FILE", "access-token"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98a7dca62807af9c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:40
            self.token_dir, os.getenv("GITHUB_COPILOT_API_KEY_FILE", "api-key.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #523f89b5d536278c Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:55
            with open(self.access_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75a63e8737c2fb7c Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:69
                    with open(self.access_token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #788e7a95b0684fb4 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:94
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b73c0f6909c5021a Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:113
            with open(self.api_key_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f52c0a45353a6f8 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:143
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fdbd54943fd76e8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:164
        api_key_url = os.getenv(
            "GITHUB_COPILOT_API_KEY_URL", DEFAULT_GITHUB_API_KEY_URL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e073c39e91d8fb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:238
            device_code_url = os.getenv(
                "GITHUB_COPILOT_DEVICE_CODE_URL", DEFAULT_GITHUB_DEVICE_CODE_URL
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8783d8b81dd64bd7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:241
            client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39f03ec916b231b8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:294
        access_token_url = os.getenv(
            "GITHUB_COPILOT_ACCESS_TOKEN_URL", DEFAULT_GITHUB_ACCESS_TOKEN_URL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9dabbe2bf0fc08e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:297
        client_id = os.getenv("GITHUB_COPILOT_CLIENT_ID", DEFAULT_GITHUB_CLIENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #835588014b98f6d8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/chat/transformation.py:37
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55459c0cae5f9747 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/embedding/transformation.py:108
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08832056170ec77e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/responses/transformation.py:168
            or os.getenv("GITHUB_COPILOT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061d6b8be405ab90 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:56
        api_base = api_base or os.getenv("HEROKU_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4056e36a612f1a0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:57
        api_key = api_key or os.getenv("HEROKU_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71207c620e6cc8bf Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:82
            base_url = os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9e8fca992f9a50f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:102
        elif os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd8f1aaccb99a13f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:103
            complete_url = str(os.getenv("HF_API_BASE")) or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ad2132a2cca1bea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:104
                os.getenv("HUGGINGFACE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e34eddce69104715 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:76
    if os.getenv("HUGGINGFACE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b2e5d1eac9f7fc2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77
        headers["Authorization"] = f"Bearer {os.getenv('HUGGINGFACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c4eed910697b12e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:355
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f963700e76c4b09b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:356
            embed_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6126baa5d20d47fe Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:357
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42c52b4d00200f47 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:358
            embed_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bd39b7ecc2f6602 Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:164
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4a9704d958e230a Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:178
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ad58a47840b128 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:343
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11bace1870aa64a9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:344
            completion_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26ba189db481104a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:345
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cc1c855113fd58e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:346
            completion_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6058271f667da6a7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:56
        elif os.getenv("HF_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb4f331915062cf4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:57
            return os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf4d6926f1f5247e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:58
        elif os.getenv("HUGGINGFACE_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef8cda1be398ca9a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:59
            return os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7dea2882e2d309d Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:107
                        with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111964a04e15d653 Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:277
                        with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb5568e756f7b19 Filesystem access.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:161
        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0464930e84a04ea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/common_utils.py:68
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4ddd82074d641ef Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/completion/transformation.py:220
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bade749cdcd7f4e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:273
        or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16cff906ee28dbfb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:274
        or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c4d7973b3cf2fd6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:280
        or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2bf587e02d2ca30 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:284
        api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18815984aebc094a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/responses/count_tokens/token_counter.py:54
            api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc0e7d787f33aff Filesystem access.
pkgs/python/[email protected]/litellm/llms/openai_like/json_loader.py:47
            with open(json_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c545b55d1221367 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:346
        elif "PREDIBASE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38f8376e0f9f1501 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/transformation.py:347
            base_url = os.getenv("PREDIBASE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fb47b9610a50407 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:30
    return os.getenv(HOME_PATH_ENV_VAR, DEFAULT_HOME_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2887446e6a8cc31f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:57
    raw = os.environ.get(var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91699b7f4755a285 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:141
    profile = profile or os.environ.get(PROFILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6553457f296f1f1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:142
    cfg_env = os.getenv(CONFIG_FILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e4c579bba8ccfeb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:279
        service_key or litellm.sap_service_key or os.environ.get(SERVICE_KEY_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5bdc6ecd5ce98b4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:291
            lambda cv: _str_or_none(os.environ.get(f"AICORE_{cv.name.upper()}")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1038ece26857f0e7 Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:480
                with open(cert_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5114eb7307e8bf43 Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:482
                with open(key_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b77cf08029e86fe Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:236
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3389577c9f9b36f3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:297
        bucket_name = litellm_params.get("bucket_name") or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e95c749ff8c6dcc Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:899
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3540587908417693 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:69
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf1c974b5b32cda5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:77
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #485f30fc2aae1d61 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:78
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3c67b7856c6991a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:87
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39102d30edd8b1ed Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:89
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8fd7315009142e6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:77
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d59c660cee622023 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:85
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #267bf83316356469 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:86
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcca1b0afd1cea46 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:95
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4169c2e3bd70e6df Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:97
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49245291801f7b75 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:101
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #512d21378a5891a6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:109
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e045b913a7ec1dad Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:110
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66caf0d683044d7e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:119
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #312b05b15aaf1a7e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:121
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f8dcd6ee20c4645 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:90
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dc06cd6cb53a043 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:98
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #336554eefd5f2899 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:99
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c7a3e2ed6701857 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:108
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6837e5273e24a621 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:110
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73b215da6cccef07 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #984b74d47784ec46 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(
            "GCS_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #008e0d908825a25b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:135
        original_bucket = os.environ.get("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #913cccc4bfd57222 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:137
            os.environ["GCS_BUCKET_NAME"] = self.gcs_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90651a80e1e43bca Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:166
                os.environ["GCS_BUCKET_NAME"] = original_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #557616749011d2b6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:167
            elif "GCS_BUCKET_NAME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43466eb48975c6d3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:168
                del os.environ["GCS_BUCKET_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c14c35d06b8dabbe Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_non_gemini.py:157
                f"VERTEX AI: creds={creds}; google application credentials: {os.getenv('GOOGLE_APPLICATION_CREDENTIALS')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3bd0e9b817fc785 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_llm_base.py:95
                        with open(credentials) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b802889c8341b48 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2806
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47608d931431550a Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2852
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ab53fa231fb8d1 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3115
                or os.environ.get("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e1174e165c6f7b7 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3116
                or os.environ.get("HUGGINGFACE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c098120256eb4b71 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3210
                or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4315f7d7b5c7d4d Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:4018
                or os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02c2f4d248438734 Filesystem access.
pkgs/python/[email protected]/litellm/ocr/main.py:420
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2102dfc53f476986 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:94
    with open(filepath, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5af6ae1d2a3ba320 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:15
MCP_TOOL_PREFIX_SEPARATOR = os.environ.get("MCP_TOOL_PREFIX_SEPARATOR", "-")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #813954e0db16d2b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:65
    raw = os.environ.get("LITELLM_USE_SHORT_MCP_TOOL_PREFIX", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f31af879d130f918 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_lazy_openapi_snapshot.py:139
    SNAPSHOT_FILE.write_text(json.dumps(fragments, indent=2, sort_keys=True) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a20d34ecde35f50 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_logging.py:11
log_level = os.getenv("LITELLM_LOG", "INFO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73e88e4f8bd2c3d5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:81
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_TIMEOUT", "5.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f84c96353d918dd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:84
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_GATHER_TIMEOUT", "30.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aefdd8fc44e69bc2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:936
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75bf670a51cbd4d6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:937
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc71d1175a3dcfc5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:938
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a2ae7feecb29b93 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:563
        keys_url = os.getenv("JWT_PUBLIC_KEY_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dbadcd7bde81142 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:722
        audience = os.getenv("JWT_AUDIENCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb35fcdd0dc2c6bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:723
        issuer = os.getenv("JWT_ISSUER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae25df8624a366e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:28
        self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #613a4de5ac55cf47 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:46
                with open(_path_to_public_key, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6a42df9c1d3802e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:111
                self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b2b84837c8d130 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:67
    ui_username = os.getenv("UI_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c4e123704636a65 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:68
    ui_password = os.getenv("UI_PASSWORD", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b3bfb0571e4690 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:174
            os.getenv("PROXY_ADMIN_ID", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdd4d37a386bf0a0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:175
            and os.environ["PROXY_ADMIN_ID"] == user_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46120b5624cf86cc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:178
            key_user_id = os.getenv("PROXY_ADMIN_ID", LITELLM_PROXY_ADMIN_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #875635f023381143 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:193
        if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d31c6968c59df08e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:276
            if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96d8478c7a905a2b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:144
        token_info_endpoint = os.getenv("OAUTH_TOKEN_INFO_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb4dfe59f6d64914 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:145
        user_id_field_name = os.environ.get("OAUTH_USER_ID_FIELD_NAME", "sub")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #807d32a1f14dfe34 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:146
        user_role_field_name = os.environ.get("OAUTH_USER_ROLE_FIELD_NAME", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9de4d37bbfd1347 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:147
        user_team_id_field_name = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f26d71139f51b6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:147
        user_team_id_field_name = os.environ.get(
            "OAUTH_USER_TEAM_ID_FIELD_NAME", "team_id"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4481fe8bc646eb2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:152
        oauth_client_id = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #914ba25b79fd02c4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:153
        oauth_client_secret = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a7b375fb341af05 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:80
            oidc_token = open(aws_web_identity_token).read()  # check if filepath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76c79530d4c30bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:169
            aws_region_name=os.getenv("AWS_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285c1543bd73a8a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:170
            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1abd58606737f7f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:171
            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8a4480b68f57f6f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:172
            aws_session_name=os.getenv("AWS_SESSION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ef451720f957119 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:173
            aws_profile_name=os.getenv("AWS_PROFILE_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6790bb75457bdf69 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:174
            aws_role_name=os.getenv("AWS_ROLE_NAME", os.getenv("AWS_ROLE_ARN")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b496b68b7dafdf78 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:175
            aws_web_identity_token=os.getenv(
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7729167db4fa4eaf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:176
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae4b1a9f087ebde8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:30
    with open(token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e29bf20a5701bbdc Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:43
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bddefd32d4fdc479 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:287
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af66df755c3461e4 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:308
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bed784eade204ece Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/models.py:395
    with open(yaml_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e011363987993b92 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:91
if os.environ.get("LITELLM_PROFILE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f314c015f5945be Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:816
            litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eab8d0ca673945bf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/encrypt_decrypt_utils.py:11
    salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6425ba64b4237d08 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:5
url_to_redirect_to = os.getenv("PROXY_BASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b764b2dd0f6a45ec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:6
server_root_path = os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3f883fdbafa48e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:112
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9344d8802701882 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:161
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3d42481764093f5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/static_asset_utils.py:38
        with open(resolved, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85310eb74ac2e2e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/container_endpoints/handler_factory.py:31
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18f08241c8a336cd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/check_migration.py:95
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf6f4b3ef13de740 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_spend_update_writer.py:722
        spend_logs_url: Optional[str] = os.getenv("SPEND_LOGS_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d04d1e0ae58c2354 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:69
        os.environ["AWS_ACCESS_KEY_ID"] = aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5f9eba5fb6581aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:70
        os.environ["AWS_SECRET_ACCESS_KEY"] = aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9411345519276f0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:71
        os.environ["AWS_SESSION_TOKEN"] = aws_session_token

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec885d67f6aae405 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:160
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5999b513729aec35 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:206
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cad655757ada80c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:207
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adc3777670a1a028 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:208
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3782162a03348451 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:209
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a40978961fda54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:210
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10e58ed8be167d04 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:220
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb701e4bd2feb418 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:366
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf36bb85edb63425 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:504
        disable_updates = os.getenv("DISABLE_SCHEMA_UPDATE", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbd1069f1984307e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:24
        os.getenv("AUTO_REDIRECT_UI_LOGIN_TO_SSO", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2db782744308d75a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:27
    admin_ui_disabled = os.getenv("DISABLE_ADMIN_UI", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bd193113338106c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/example_config_yaml/custom_auth.py:10
        modified_master_key = f"{os.getenv('LITELLM_MASTER_KEY')}-1234"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc08c7e770a3d03 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1434
        with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c14dc47ede56b96 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1471
        with open(airlines_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #366b81da2a508157 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:56
        self.api_key = api_key or os.environ.get("AIM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d078dbb11cb329 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:64
            api_base or os.environ.get("AIM_API_BASE") or "https://api.aim.security"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b477d78bee5ed5d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:81
            akto_base_url or os.environ.get("AKTO_GUARDRAIL_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d533495c3c1e7c8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:88
        self.akto_api_key = akto_api_key or os.environ.get("AKTO_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #830b79e10ad4b993 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:98
        self.akto_account_id = akto_account_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #989f6486d41247a1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:98
        self.akto_account_id = akto_account_id or os.environ.get(
            "AKTO_ACCOUNT_ID", "1000000"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff925cd817997001 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/akto/akto.py:101
        self.akto_vxlan_id = akto_vxlan_id or os.environ.get("AKTO_VXLAN_ID", "0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d58b0c607f4f6dca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:48
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d154c30f6b19ad08 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:49
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68bd3e270a982818 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:58
        self.api_key = api_key or os.environ.get("CS_AIDR_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47fea9d20bcb06e4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:64
        self.api_base = api_base or os.environ.get("CS_AIDR_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb483f0249fe0873 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:56
        self.api_key = api_key or os.getenv("DYNAMOAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cff1e4adc4005879 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:62
        self.api_base = api_base or os.getenv(
            "DYNAMOAI_API_BASE", "https://api.dynamo.ai"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39a4c6d50fce1065 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:68
        self.model_id = model_id or os.getenv("DYNAMOAI_MODEL_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #729e99f80e744e9b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:71
        env_policy_ids = os.getenv("DYNAMOAI_POLICY_IDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ded3b219708b39e2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:67
        self.api_key = api_key or os.getenv("ENKRYPTAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d75a05117151c3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:73
        self.api_base = api_base or os.getenv(
            "ENKRYPTAI_API_BASE", "https://api.enkryptai.com"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #307796d7aa607142 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/generic_guardrail_api/generic_guardrail_api.py:203
        base_url = api_base or os.environ.get("GENERIC_GUARDRAIL_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1de86b5b9a32458f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:84
        api_key_value = api_key or os.getenv("GRAYSWAN_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cd528f9565e7e56 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:91
        base = api_base or os.getenv("GRAYSWAN_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #196155dc12cb7371 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:639
        env_val = os.getenv("GRAYSWAN_VIOLATION_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ec7befed0d94c79 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:650
        env_val = os.getenv("GRAYSWAN_REASONING_MODE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1a93b8297096871 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/guardrails_ai/guardrails_ai.py:74
            api_base or os.getenv("GUARDRAILS_AI_API_BASE") or "http://0.0.0.0:8000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e1c960c38ab0554 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:74
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d09737cfa9b3404 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:75
        self.hiddenlayer_client_secret = api_key or os.getenv(
            "HIDDENLAYER_CLIENT_SECRET"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94a5a98429f32b09 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:80
            or os.getenv("HIDDENLAYER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89ae17668228e547 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:87
            or os.getenv("HIDDENLAYER_AUTH_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d3f0187f1b2d2f9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:308
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbfb095a04fbe52c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:309
        self.hiddenlayer_client_secret = api_key or os.getenv(
            "HIDDENLAYER_CLIENT_SECRET"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d235602c1436a84f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:314
            or os.getenv("HIDDENLAYER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46dd5289a834248a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:321
            or os.getenv("HIDDENLAYER_AUTH_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #246e319bf58be1d7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ibm_guardrails/ibm_detector.py:55
        self.auth_token = auth_token or os.getenv("IBM_GUARDRAILS_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48df99d79839144a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai.py:62
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98256cafcb36a042 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai_v2.py:65
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb19666a14028890 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:108
        self.lasso_api_key = lasso_api_key or api_key or os.environ.get("LASSO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50ab910b4b3cac41 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:109
        self.user_id = user_id or os.environ.get("LASSO_USER_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0893c7f7096fbae1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:110
        self.conversation_id = conversation_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a11f6e0ea31ccd7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:110
        self.conversation_id = conversation_id or os.environ.get(
            "LASSO_CONVERSATION_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efcf6b3c2f96b5e6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:123
            or os.getenv("LASSO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c968162c1cf56e48 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/competitor_intent/airline.py:124
        with open(_MAJOR_AIRLINES_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd96d87b595aa3b6 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:604
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58fc86f85d928f74 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:630
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb435b5956569b4d Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:736
            with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a203c4a0cf402199 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:40
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d6e93369a9044e7 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:147
    with open(result_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5999e917bab7cf97 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:562
    not os.environ.get("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ae0132e3ded3f70 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:581
    not os.environ.get("ANTHROPIC_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eb973fad0c7eb1a Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:18
    with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44b81c53dbaefd9e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:161
                with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac64fdab29c09305 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:107
    key_material = os.environ.get(env_var, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03058f70f7a8ff30 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:114
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa5953e7b9dc10a8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:250
        key_material = os.environ.get(self.SIGNING_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d21c4fae4217947 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:271
            or os.environ.get("MCP_JWT_ISSUER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b4cf58dfcc3df10 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:272
            or os.environ.get("LITELLM_EXTERNAL_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44c4bffaa02f9217 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:276
            audience or os.environ.get("MCP_JWT_AUDIENCE") or self.DEFAULT_AUDIENCE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70de4109905ecc12 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/mcp_jwt_signer/mcp_jwt_signer.py:281
            else os.environ.get("MCP_JWT_TTL_SECONDS", str(self.DEFAULT_TTL))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1158296d6d5bff84 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:132
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60827bbffeda8a1b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3510406e8b62c28 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(
            "NOMA_API_BASE", NomaGuardrail._DEFAULT_API_BASE
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c7eac80bd7fca9b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:136
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #371cc6adc136642f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:141
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a264190c1150b596 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:148
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c3f796aec9f2a4b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:155
                os.environ.get("NOMA_ANONYMIZE_INPUT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eb451ac74d7c881 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:60
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ed6f3aea3038b74 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:62
            api_base or os.environ.get("NOMA_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96b6c22634699e36 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:64
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #327f7f9e13fd4fa9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:67
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7c44548825e2550 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:74
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20d51ba622ddb98d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38
        timeout = timeout or int(os.getenv("ONYX_TIMEOUT", 10.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a242baccf2863c0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:43
        self.api_base = api_base or os.getenv(
            "ONYX_API_BASE",
            "https://ai-guard.onyx.security",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b85f173f659c61db Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:47
        self.api_key = api_key or os.getenv("ONYX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e97ab6d3366792b2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/openai/moderations.py:105
            os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc014a2d85dd50dc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:83
        self.api_key = api_key or os.environ.get("PANGEA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e91781a4d3324cb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:92
            or os.environ.get("PANGEA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1bf0a03d575408d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:112
        self.api_key = api_key or os.getenv("PANW_PRISMA_AIRS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3baafcf5dcd665ad Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:115
            or os.getenv("PANW_PRISMA_AIRS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db1c7ec9a557b704 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:217
        self.api_key = api_key or os.environ.get("PILLAR_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05956e1814bc890e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:226
        self.api_base = api_base or os.getenv("PILLAR_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e874c9e1b56fbe8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:229
        action = on_flagged_action or os.environ.get("PILLAR_ON_FLAGGED_ACTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b723fe1f69e939a6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:269
        action = fallback_on_error or os.environ.get("PILLAR_FALLBACK_ON_ERROR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcfe068128b5a35a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:289
                    os.environ.get("PILLAR_TIMEOUT", str(self.DEFAULT_TIMEOUT))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82cbba4543f88898 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:293
                    f"Pillar Guardrail: Invalid PILLAR_TIMEOUT value '{os.environ.get('PILLAR_TIMEOUT')}', "

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3afb10a4246cb0c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:635
            env_value = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdfffe61a5e304a5 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:145
                with open(ad_hoc_recognizers, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aa37ca77334b076 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:41
        self.api_key = api_key or os.environ.get("PROMPT_SECURITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a0472cdb4f23111 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:42
        self.api_base = api_base or os.environ.get("PROMPT_SECURITY_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #173c9396ecbc2042 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:43
        self.user = user or os.environ.get("PROMPT_SECURITY_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #866d66b091f11ca4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ffee9c7c620c8c2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(
            "PROMPT_SECURITY_SYSTEM_PROMPT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43dacd53c44717e8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef033507f7003ad7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(
                "PROMPT_SECURITY_CHECK_TOOL_RESULTS", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09abdaf988fbafea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d65b952df5595534 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:57
        self.api_key = api_key or os.environ.get(
            "PROMPTGUARD_API_KEY",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3d8f04b5ca7403c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:69
            api_base or os.environ.get("PROMPTGUARD_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e48970091f682483 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/promptguard/promptguard.py:73
            env = os.environ.get("PROMPTGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57c86f6e63c516a7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qohash/qohash.py:29
        api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3c446a301a64d31 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qohash/qohash.py:29
        api_base = api_base or os.environ.get(
            "QOSTODIAN_NEXUS_API_BASE", "http://nexus:8800"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5afcbdf96735844a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:68
            or os.environ.get("QUALIFIRE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a92a8e5c2c3d5cd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:73
            or os.environ.get("QUALIFIRE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6234bb92860bbd84 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:38
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #493204dee1ab92ed Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:58
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52180bd9d53264aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:92
        self.api_key = api_key or os.environ.get("XECGUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b8b58fa103c73c6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:102
            api_base or os.environ.get("XECGUARD_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550f3eda42d0dbd1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/xecguard/xecguard.py:109
            env = os.environ.get("XECGUARD_BLOCK_ON_ERROR", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8f3db47f113135e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:41
        self.zscaler_ai_guard_url = api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dc8fb0ab40a65ec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:48
            else int(os.getenv("ZSCALER_AI_GUARD_POLICY_ID", -1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa4e50ffd2d5567 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:50
        self.api_key = api_key or os.getenv("ZSCALER_AI_GUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb6841a79e47042 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:54
            else os.getenv("SEND_USER_API_KEY_ALIAS", "False").lower() in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64c9e1e34b7e4c5e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:59
            else os.getenv("SEND_USER_API_KEY_USER_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb9c02434a9273fa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:65
            else os.getenv("SEND_USER_API_KEY_TEAM_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cfbaa6cb0326052 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/health_endpoints/_health_endpoints.py:416
                user_email=os.getenv("TEST_EMAIL_ADDRESS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8b47af98ecde079 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/__init__.py:29
if os.getenv("LEGACY_MULTI_INSTANCE_RATE_LIMITING", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b2ba2631339a684 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter.py:121
                if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c534607b00ce2cc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter_v3.py:122
            if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77153bfecb8494fd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_budget_per_session_limiter.py:70
            os.getenv(
                "LITELLM_MAX_BUDGET_PER_SESSION_TTL",
                DEFAULT_MAX_BUDGET_PER_SESSION_TTL,
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc6bd27a93f63686 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_iterations_limiter.py:73
            os.getenv("LITELLM_MAX_ITERATIONS_TTL", DEFAULT_MAX_ITERATIONS_TTL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7253642c88675f77 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:260
        self.window_size = int(os.getenv("LITELLM_RATE_LIMIT_WINDOW_SIZE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b3e703f03ae68b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/responses_id_security.py:182
        salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0f0d6241d562f66 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/callback_management_endpoints.py:52
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13bc5ea5824edf5a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:162
        env_value = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f89075b6c20d8742 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:204
            os.environ[env_var_name] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c5a078649eb132 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:206
            os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1952cefa534bd308 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/key_management_endpoints.py:3920
    grace_period_value = grace_period or os.getenv(
        "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7df2f6eba9697b70 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2140
            with open(_MCP_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33f09099b1144060 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2214
        with open(_OPENAPI_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #960c89da737e9b44 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:636
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23fe790268fd4b0d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:656
    use_local = os.getenv("LITELLM_LOCAL_POLICY_TEMPLATES", "").strip().lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e64ff84835380b1f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:59
        custom_authorization_endpoint = os.getenv(
            "MICROSOFT_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0674a1e9949b27a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:62
        custom_token_endpoint = os.getenv("MICROSOFT_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10a9dc2e1653dd44 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:63
        custom_userinfo_endpoint = os.getenv("MICROSOFT_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f19abab0367ba736 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:547
                generic_user_role_attribute_name = os.getenv(
                    "GENERIC_USER_ROLE_ATTRIBUTE", "role"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e33f22e174cd7e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:593
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d23da4f4eb7ecce Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:594
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4554056340fb3ee8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:595
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dc0e4ac16750045 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:598
    _disable_ui_flag = os.getenv("DISABLE_ADMIN_UI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10237a0c6dd278a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:633
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e0b7937cbb00a21 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:712
    generic_user_id_attribute_name = os.getenv(
        "GENERIC_USER_ID_ATTRIBUTE", "preferred_username"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf6adaee94f8b97 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:715
    generic_user_display_name_attribute_name = os.getenv(
        "GENERIC_USER_DISPLAY_NAME_ATTRIBUTE", "sub"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a15e75e6d011f05f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:718
    generic_user_email_attribute_name = os.getenv(
        "GENERIC_USER_EMAIL_ATTRIBUTE", "email"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4ad62a056e24b04 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:722
    generic_user_first_name_attribute_name = os.getenv(
        "GENERIC_USER_FIRST_NAME_ATTRIBUTE", "first_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c6ea5879d1d751e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:725
    generic_user_last_name_attribute_name = os.getenv(
        "GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed9aad289836bd4b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:729
    generic_provider_attribute_name = os.getenv(
        "GENERIC_USER_PROVIDER_ATTRIBUTE", "provider"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce22b892c49fb301 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:733
    generic_user_role_attribute_name = os.getenv("GENERIC_USER_ROLE_ATTRIBUTE", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4017fe31a6497587 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:735
    generic_user_extra_attributes = os.getenv("GENERIC_USER_EXTRA_ATTRIBUTES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc3182ac22243f1f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:838
    generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b893c077c1c9ea2c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:839
    generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cb571c7d69a46b6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:840
    generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8771fc24289ba2a8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:841
    generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aeb60dd0b99c0de Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:842
    generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c310f31036a5848 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:844
        os.getenv("GENERIC_INCLUDE_CLIENT_ID", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d02bdce674dac6b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:967
    generic_role_mappings = os.getenv("GENERIC_ROLE_MAPPINGS_ROLES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29f31d0773f0f729 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:968
    generic_role_mappings_group_claim = os.getenv(
        "GENERIC_ROLE_MAPPINGS_GROUP_CLAIM", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2577685563eb566d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:971
    generic_role_mappoings_default_role = os.getenv(
        "GENERIC_ROLE_MAPPINGS_DEFAULT_ROLE", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a786ab27c0f78e0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1008
    raw = os.getenv("GENERIC_SSO_HEADERS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afe419d2e1bc4f3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1032
    pkce_configured = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2baaea50155a5432 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1567
    proxy_admin_id = os.getenv("PROXY_ADMIN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #911fbe06684a9cf2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1620
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac1c39bdae58ee0a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1621
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3f3c43a5bf3edca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1622
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #092acd2e2d16d20b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2021
    _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3788de647be5ddde Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2022
    _logout_url = os.getenv("PROXY_LOGOUT_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01bbfbcb00d36af2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2023
    _api_doc_base_url = os.getenv("LITELLM_UI_API_DOC_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9701fae7df348e22 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2030
    if "PROXY_DEFAULT_TEAM_DISABLED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #554b39dcd1471511 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2031
        if os.environ["PROXY_DEFAULT_TEAM_DISABLED"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6945e9d58aa310cf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2057
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fad98d440c5090fb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2058
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eb9bc859ce5e4fe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2059
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffed2273bd33502a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2082
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28653e466e2524cc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2087
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad3f300a01f26d5e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2088
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68b2c8509c3fa751 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2095
        generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ea311080cc553e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2096
        generic_authorization_endpoint = os.getenv(
            "GENERIC_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fda2a28e64660785 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2099
        generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #031d332c1cda76bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2100
        generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35e4c4b4d9da61f4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2195
            google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f56da632809684f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2215
            microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49918560071946ed Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2216
            microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c20ad0e99d80d40a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2237
            generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abad615d04bb5a3e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2238
            generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e23476b87e7b08e5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2241
            generic_authorization_endpoint = os.getenv(
                "GENERIC_AUTHORIZATION_ENDPOINT", None
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783c749a961f6675 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2244
            generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b420860b974a3bc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2245
            generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c53d63694442db3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2450
            generic_client_state = os.getenv("GENERIC_CLIENT_STATE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b4c5c06f05ed362 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2458
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23a0b5660c19404b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2729
        if user_email is not None and os.getenv("ALLOWED_EMAIL_DOMAINS") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c079794d1fa1d5dd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2731
            allowed_domains = os.getenv("ALLOWED_EMAIL_DOMAINS").split(",")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f50d039266d2711 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2758
            generic_user_role_attribute_name = os.getenv(
                "GENERIC_USER_ROLE_ATTRIBUTE", "role"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ade63f655f369e1e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3049
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a4736e026d9630a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3143
            os.getenv("PKCE_STRICT_CACHE_MISS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32ba4637bf5ad1b3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3595
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5f33ab3a677028d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3596
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aab2c32bdfa0a4e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3754
            service_principal_id = os.getenv("MICROSOFT_SERVICE_PRINCIPAL_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2be9d83ab0a1eac4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3958
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f8600987c315304 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3995
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cd76a28f847bd54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3996
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c09db7aa2966bad Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3997
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b37fc1b5e8799f85 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4070
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c759f492b3c6aaa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4071
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c3748b790b0166a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4072
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53a896bed9095688 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:4074
    redirect_url = os.getenv("PROXY_BASE_URL", str(request.base_url))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14abb56044a643a7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/middleware/in_flight_requests_middleware.py:65
            if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #359d958873f33ead Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:208
        os.getenv("GEMINI_API_BASE") or "https://generativelanguage.googleapis.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60dc4dd0377f9a0d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:274
    base_target_url = os.getenv("COHERE_API_BASE") or "https://api.cohere.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b764439cf16d3f6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:405
    base_target_url = os.getenv("MISTRAL_API_BASE") or "https://api.mistral.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b542b4ea6f15d90 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:616
        os.getenv("ANTHROPIC_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f128414302902928 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:617
        or os.getenv("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61848e6a89b491da Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2030
    base_target_url = os.getenv("OPENAI_API_BASE") or "https://api.openai.com/"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3d4f6aa01e36b8d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2193
    base_target_url = os.getenv("CURSOR_API_BASE") or "https://api.cursor.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #124267b6fa658852 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/prometheus_cleanup.py:35
    if not os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08d0a7d6e3666cee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:28
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #823a92df6fa9317b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:301
        if os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #294143abac6d304b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:323
            with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980ebbddcf953ae4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:377
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b15fe34c2fbde497 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:377
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(
            "prometheus_multiproc_dir"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c88a700c469efe52 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:386
            os.environ["PROMETHEUS_MULTIPROC_DIR"] = multiproc_dir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7602f64b3f2259d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:755
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c813dcf414ba1683 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:756
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c974b7b4abc49ef Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:757
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2bb6c1416e92eb6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:758
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d895729133fbc676 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:759
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbb5cfd0bd3e10fa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:770
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #379cc1fa12b2c235 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:771
            os.environ["IAM_TOKEN_DB_AUTH"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32b9e690ab96c512 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:778
            os.getenv("USE_AWS_KMS", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caf1f978f665e936 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:779
            and os.getenv("USE_AWS_KMS") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d98981f18f074de Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:785
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c96a49a448e62811 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:841
            if database_url is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #094d790e8f7acabd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:847
                    os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33afac5a970ede77 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:868
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e01ee96ede58191d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:871
        if config is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e386ecda9adba08b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:877
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1f682db582523ce Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:889
            os.getenv("DATABASE_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04d1b3d5c2d026aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:890
            or os.getenv("DIRECT_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #575d84884f47259b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:895
                if os.getenv("DATABASE_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d19a2ed2d7ad70a3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:905
                    os.environ["DATABASE_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221ca6b37251f78e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:906
                if os.getenv("DIRECT_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44701db8d2edf685 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:912
                    database_url = os.getenv("DIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa2be67b9cd0f837 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:914
                    os.environ["DIRECT_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98302dd68f69b21f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:592
global_max_parallel_request_retries_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRIES"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #969afd67f0ffa0e5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:602
global_max_parallel_request_retry_timeout_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRY_TIMEOUT"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad32df6e40666aea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:623
_title = os.getenv("DOCS_TITLE", "LiteLLM API") if premium_user else "LiteLLM API"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccaab12dddbfbd58 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:625
    os.getenv(
        "DOCS_DESCRIPTION",
        f"Enterprise Edition \n\nProxy Server to call 100+ LLMs in the OpenAI format. {custom_swagger_message}\n\n{ui_message}",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a4e84263aa76fd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:731
    _startup_hooks_env = os.environ.get("LITELLM_WORKER_STARTUP_HOOKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c85a83876b83406 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:798
        elif os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b85d23ff44574aab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1174
if os.getenv("DOCS_FILTERED", "False") == "True" and premium_user:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73ab536ddb6caa39 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1221
        else os.getenv("LITELLM_CORS_ORIGINS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed0ebab0b9206a54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1237
        else os.getenv("LITELLM_CORS_ALLOW_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d255aca451e7f88 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1361
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd7d5e7c7dd3dee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1370
    runtime_ui_path = os.getenv("LITELLM_UI_PATH", default_runtime_ui_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eac4019e2de7b9fc Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1471
                        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e23f9d2a7c6e80f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1486
                        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d7a24d2f1998925 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1672
root_redirect_url: Optional[str] = os.getenv("ROOT_REDIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9e638cffeea8001 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1848
        KVUri = os.getenv("AZURE_KEY_VAULT_URI", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c55d4fc3e26bb1b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2688
        with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f6d48a7a487c3f0 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3278
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c4e650f1ed975ff Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3301
            with open(f"{file_path}", "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e2f6f566004e343 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3401
            with open(f"{user_config_file_path}", "w") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3277d746fd81cfdf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3564
        if os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #791bec59aa45d9af Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3565
            bucket_name = os.environ.get("LITELLM_CONFIG_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19dbb74a093c584b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3566
            object_key = os.environ.get("LITELLM_CONFIG_BUCKET_OBJECT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f41ad2538f2ebdf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3567
            bucket_type = os.environ.get("LITELLM_CONFIG_BUCKET_TYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c035a44d280786 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3733
                        os.environ[key] = resolved_secret_string

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9071893d360c6194 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3742
                    os.environ[key] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51a5a8dcab558368 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3746
                _license_check.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #986613029a7a893c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4147
            use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc7cc919192674f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4353
                    v = os.getenv(_v)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b972e463f0d4cff7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5001
                    os.environ[k] = decrypted_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d15680f8a46af485 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5432
                os.environ[upper_key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bce03cd901beaab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6381
    os.environ["WORKER_CONFIG"] = json.dumps(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0510f2d0f67b9ca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6407
    if os.getenv("LITELLM_DONT_SHOW_FEEDBACK_BOX", "").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba4a7be3e16ca3b1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6438
        litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #170aef2fc9100105 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6488
        os.environ["AZURE_API_VERSION"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #409a1d6ee2108bc0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7574
            if os.getenv("PROMETHEUS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6096b081e308929 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7699
            app_name = os.getenv("PYROSCOPE_APP_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25807aabf86c9274 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7705
            server_address = os.getenv("PYROSCOPE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3926e0361e15e0d3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7712
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e76acf2e7e831ab1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7712
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(
                "LITELLM_DEPLOYMENT_ENVIRONMENT",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35fe5b65c65330c1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:7717
            sample_rate_env = os.getenv("PYROSCOPE_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4921b53d6278183 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:12420
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5b38aea47337090 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13092
    logo_path = os.getenv("UI_LOGO_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58b688b8acfb8624 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13106
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b1b084cc46d8c8b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13111
    assets_dir = os.getenv("LITELLM_ASSETS_PATH", default_assets_dir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #814afb18d880ff5e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13134
    logo_path = os.getenv("UI_LOGO_PATH", default_logo)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db78887aba472042 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:13176
    favicon_url = os.getenv("LITELLM_FAVICON_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05841c14e1aefd70 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:14172
                    _value = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91bed55abe82caff Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:145
        files("litellm")
        .joinpath("provider_endpoints_support_backup.json")
        .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5acb8e662a54e8a6 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:349
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cd9e653d8fbfb8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:439
    with open(agent_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae772b4729ec7afd Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:442
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c60cb1f6da5c900 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_log_error_logger.py:43
    return str_to_bool(os.getenv(SUPPRESS_SPEND_LOG_TRACEBACKS_ENV)) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793cef846536ee23 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_management_endpoints.py:2531
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91cfa33a7f256ee2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_tracking_utils.py:47
    max_length_str = os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f1b1e581857bea3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:817
                os.environ[env_var_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6a0a271cd9ddac3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:820
                os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf3c74db75b0120b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:982
        os.environ["UI_LOGO_PATH"] = logo_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae3d2b8f84689eb3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:989
        if "UI_LOGO_PATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #523a1acfbffb59fd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:990
            del os.environ["UI_LOGO_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2f6adb4b4564066 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1001
        os.environ["LITELLM_FAVICON_URL"] = favicon_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5834ccf11357fcf6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1008
        if "LITELLM_FAVICON_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #760ee3c8b75ffb6c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1009
            del os.environ["LITELLM_FAVICON_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f20f1ee73f1ad22 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1391
    with open(file_path, "wb") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd77de5b58d63399 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:178
    if SendGridEmailLogger is not None and os.getenv("SENDGRID_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c961627229ee4232 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:182
    if ResendEmailLogger is not None and os.getenv("RESEND_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cf11ff41a19bb84 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:186
    if SMTPEmailLogger is not None and os.getenv("SMTP_HOST"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d86eb6e8fc2b3b66 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1675
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dde19c82b2f8c3de Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2453
    os.environ.get("LITELLM_CONFIG_PARAM_CACHE_TTL_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5670a99ebb79e1f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2549
            os.getenv("IAM_TOKEN_DB_AUTH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d69de6d60af6974f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2587
            1, int(os.getenv("PRISMA_RECONNECT_COOLDOWN_SECONDS", "15"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1af68ea60536071b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2590
            5, int(os.getenv("PRISMA_HEALTH_WATCHDOG_INTERVAL_SECONDS", "30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f153e1ac0fdb3532 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2593
            str_to_bool(os.getenv("PRISMA_HEALTH_WATCHDOG_ENABLED", "true")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #178451a62957055a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2597
            float(os.getenv("PRISMA_HEALTH_WATCHDOG_PROBE_TIMEOUT_SECONDS", "5.0")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #259f9e8bde0de278 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2600
            1.0, float(os.getenv("PRISMA_WATCHDOG_RECONNECT_TIMEOUT_SECONDS", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #886cc3cf883743fb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2603
            0.5, float(os.getenv("PRISMA_AUTH_RECONNECT_TIMEOUT_SECONDS", "2.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8186515d192aba11 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2607
            float(os.getenv("PRISMA_AUTH_RECONNECT_LOCK_TIMEOUT_SECONDS", "0.1")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0951f58618362baa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2611
            1, int(os.getenv("PRISMA_RECONNECT_ESCALATION_THRESHOLD", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cf257fe590e088a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2707
            pg_schema = os.getenv("DATABASE_SCHEMA", "public")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d998a47d11885da Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4232
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc6b5e8e8387520 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4254
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04356dcad513e6df Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4722
    smtp_host = os.getenv("SMTP_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7070b50146c5ef31 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4723
    smtp_port = int(os.getenv("SMTP_PORT", "587"))  # default to port 587

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89e4509e36cb6d40 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4724
    smtp_username = os.getenv("SMTP_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57375b2c3d985ce5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4725
    smtp_password = os.getenv("SMTP_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13340a0f35c15482 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4726
    sender_email = os.getenv("SMTP_SENDER_EMAIL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13f0a3c4198b316f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4757
            if os.getenv("SMTP_TLS", "True") != "False":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a7e107488c31629 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4946
                    base_url = os.getenv("SPEND_LOGS_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #402fbfc40240396e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5464
    if redoc_url := os.getenv("REDOC_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0af7f97726346a11 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5467
    if str_to_bool(os.getenv("NO_REDOC")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a5aa599a4a7befe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5481
    if docs_url := os.getenv("DOCS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5279c878658aeb32 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5484
    if str_to_bool(os.getenv("NO_DOCS")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c94f5be3975511d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5498
    if openapi_url := os.getenv("OPENAPI_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b36373e17b186d4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5501
    if str_to_bool(os.getenv("NO_OPENAPI")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97d2eb5999010ead Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5625
    return os.getenv("PROXY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8efe545a7d638af Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5635
    return os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ea058694e63810c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5687
    database_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b18b2864b30eac34 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5688
    database_username = os.getenv("DATABASE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6cd4dfab9dffe36 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5689
    database_password = os.getenv("DATABASE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe051374b3b48a22 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5690
    database_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d47736e2a24ba718 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5691
    database_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d01c609453c5a87 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/vertex_ai_endpoints/langfuse_endpoints.py:210
        or os.getenv("LANGFUSE_HOST", _DEFAULT_LANGFUSE_HOST)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46aab3d1fedade24 Environment-variable access.
pkgs/python/[email protected]/litellm/realtime_api/main.py:301
            or os.environ.get("LITELLM_AZURE_REALTIME_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b56ade478b1e0bc Environment-variable access.
pkgs/python/[email protected]/litellm/router.py:7635
                    params[param_key] = os.environ.get(env_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76b0168d0097b4d4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:22
    if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dea8b6bd1707b61c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:35
        kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe16c2dcf2f9abcb Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:56
        if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #252ded6b5c084744 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:62
        if os.getenv("LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf60f7afde573b12 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:64
        elif os.getenv("LITELLM_SECRET_AWS_KMS_LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99cd82115f226557 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:80
            kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53502442f9b7e06f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:89
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e445ffaa19855685 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:132
    for k, v in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a591b26bee7273d9 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:65
            "AWS_REGION_NAME" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bc64ba6147ee6ea Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:66
            and "AWS_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #846d90df832cdf5d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:67
            and "AWS_DEFAULT_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da48217fe90593b3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:190
            return os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #619742635641989d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:27
        self.conjur_addr = os.getenv("CYBERARK_API_BASE", "http://127.0.0.1:8080")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94b178ad44f82686 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:28
        self.conjur_account = os.getenv("CYBERARK_ACCOUNT", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39b3f6416cfc63ea Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:29
        self.conjur_username = os.getenv("CYBERARK_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ede02de5efb59b19 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:30
        self.conjur_api_key = os.getenv("CYBERARK_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc1e8640d7419ec0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:33
        self.tls_cert_path = os.getenv("CYBERARK_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e7fbad23a33b9e6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:34
        self.tls_key_path = os.getenv("CYBERARK_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fb41e9f28f06e34 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:38
        ssl_verify_env = str_to_bool(os.getenv("CYBERARK_SSL_VERIFY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3c76f3cdd19f1c4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:51
        _refresh_interval = int(os.environ.get("CYBERARK_REFRESH_INTERVAL", "300"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91eb5176172628ac Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:12
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3e6fb75d61c4356 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:13
        and os.environ.get("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e6cf8938ac1a9d4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:14
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1596cc55f1030bca Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:17
    elif os.environ.get("AZURE_CLIENT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9730c89a7a0946ac Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:20
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa7711053381839 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:21
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77194e7c498fa517 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:22
        and os.environ.get("AZURE_CERTIFICATE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c83a025eeb6fa8c1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:23
        and os.environ.get("AZURE_CERTIFICATE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45188bf06767b0b4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:26
    elif os.environ.get("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e70029dbfb7c80d2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:28
    elif os.environ.get("AZURE_CERTIFICATE_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59516903cf7738e0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:65
            os.environ.get("AZURE_SCOPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76776ab51c0a91b4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73
        or os.environ.get("AZURE_CREDENTIAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #226b6898ccfbc258 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:90
            client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ebf36b5cc8e809d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:91
            client_secret=os.environ["AZURE_CLIENT_SECRET"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b61bff741ee08835 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:92
            tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f631bf216c51d187 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:95
        credential = ManagedIdentityCredential(client_id=os.environ["AZURE_CLIENT_ID"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9848477ad0d6f604 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:97
        if os.getenv("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec9b6fbc44fbc2b6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:99
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d10386fe0a4dcb6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:100
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23ea3ce24ab38f74 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:101
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95f8af1d3690673e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:102
                password=os.environ["AZURE_CERTIFICATE_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39810034e693f31e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:106
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9538e227f495fc8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:107
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff28d73403c65254 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:108
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fefd6007aebf9b91 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:19
    if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7996aaaa74f1b623 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:23
    if "GOOGLE_KMS_RESOURCE_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc8216f86da4f34 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:41
        litellm._google_kms_resource_name = os.getenv("GOOGLE_KMS_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37584b70480e7bf9 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:32
        self.PROJECT_ID = os.environ.get("GOOGLE_SECRET_MANAGER_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a4543dbfff57837 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f3483bde70f2d4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(
            "GOOGLE_SECRET_MANAGER_REFRESH_INTERVAL", refresh_interval
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd15ab669d1699e4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cab9e0cf5d34c6e1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(
            "GOOGLE_SECRET_MANAGER_ALWAYS_READ_SECRET_MANAGER",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcb273cc0782816a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:25
        self.vault_addr = os.getenv("HCP_VAULT_ADDR", "http://127.0.0.1:8200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b203d2ac6a639dd1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:26
        self.vault_token = os.getenv("HCP_VAULT_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fefa998a21df38e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:28
        self.vault_namespace = os.getenv("HCP_VAULT_NAMESPACE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d148dcebb737e3f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:31
        self.vault_mount_name = os.getenv("HCP_VAULT_MOUNT_NAME", "secret")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a26756329439ec7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:33
        self.vault_path_prefix = os.getenv("HCP_VAULT_PATH_PREFIX", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #647607eae1a07273 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:36
        self.tls_cert_path = os.getenv("HCP_VAULT_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91da85a539c563fb Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:37
        self.tls_key_path = os.getenv("HCP_VAULT_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f3598cacbab9ba5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:38
        self.vault_cert_role = os.getenv("HCP_VAULT_CERT_ROLE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa5dccca8398eb93 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:41
        self.approle_role_id = os.getenv("HCP_VAULT_APPROLE_ROLE_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe5d2181581d5bb Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:42
        self.approle_secret_id = os.getenv("HCP_VAULT_APPROLE_SECRET_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2af8421e8e3507d3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:43
        self.approle_mount_path = os.getenv("HCP_VAULT_APPROLE_MOUNT_PATH", "approle")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8cd403245833af7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ef7ca07836c8f20 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(
            "HCP_VAULT_REFRESH_INTERVAL", SECRET_MANAGER_REFRESH_INTERVAL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5d5f1aa0c69a8d3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:31
    override = os.getenv("LITELLM_OIDC_ALLOWED_CREDENTIAL_DIRS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a60c46aeb1dbe74e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:196
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #378979042b0b8fc5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:202
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN_V2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b255b4ad4549401 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:208
            actions_id_token_request_url = os.getenv("ACTIONS_ID_TOKEN_REQUEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32ce1bc28da32449 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:209
            actions_id_token_request_token = os.getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #362b01d6614b5b9f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:239
            azure_federated_token_file = os.getenv("AZURE_FEDERATED_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa92f73d79fba5eb Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:254
            with open(azure_federated_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc4ff56c1ca0440d Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:260
            with open(safe_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68a1b65feb0894ee Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:265
            oidc_token = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ce31af0af4bcd16 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:271
            token_file_path = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb24e94bcb88f201 Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:274
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28fd53f278193b15 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:309
                secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3565c303dd0a872 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:320
            secret = os.environ.get(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d65cc23346d1a628 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:61
        encrypted_secret: Any = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15cedb7d3323891c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:88
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66422e0a0f5719c3 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:182
        secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b44b875c9e33e114 Environment-variable access.
pkgs/python/[email protected]/litellm/setup_wizard.py:133
    return sys.stdout.isatty() and os.environ.get("NO_COLOR") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62983dd6bcec0a35 Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:243
            config_path.write_text(
                SetupWizard._build_config(providers, env_vars, master_key)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7d92921bf40e7c5 Filesystem access.
pkgs/python/[email protected]/litellm/setup_wizard.py:287
        with open("/dev/tty", "rb") as tty_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #859da1a956a41a48 Environment-variable access.
pkgs/python/[email protected]/litellm/types/integrations/slack_alerting.py:54
            os.getenv(
                "SLACK_DAILY_REPORT_FREQUENCY",
                int(SlackAlertingArgsEnum.daily_report_frequency.value),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1f43787e91c1b57 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:91
        api_base = self.api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #525e1d93e3bdee58 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:99
            env_policy = os.getenv("ZSCALER_AI_GUARD_POLICY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca58a5bb4f9b3ba Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6268
    no_proxy = os.getenv("NO_PROXY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8700f35abe5d2d1b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6321
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fa3a209de47ef17 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6327
                "AZURE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25e2deba9bfb448e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6328
                and "AZURE_API_VERSION" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14b060da66ad3fe6 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6329
                and "AZURE_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccb0f1cbbf14e246 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6338
                "ANTHROPIC_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18acc79cd4c83930 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6339
                or "ANTHROPIC_AUTH_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #646ae72c2d8310ed Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6345
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05597cda2225675d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6350
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6d34d6f8816f1a2 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6355
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ab5d52088e48861 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6360
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af938566f88b0cb3 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6365
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbf5876a6baac024 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6370
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #619a0169bf603ccf Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6375
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b34337ba37cbd67 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6380
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e15dbe1701f6708 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6385
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80a3ee9a0efc9cd9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6390
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06e5106ef9ddc0d4 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6395
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81d535b7d0c3bce8 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6400
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05450e9972ca0060 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6406
                "AWS_ACCESS_KEY_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8ac15e9d0ea1306 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6407
                and "AWS_SECRET_ACCESS_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c38cc468adb3f382 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6410
                "AWS_ROLE_ARN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6690659f2122280a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6411
                or "AWS_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1fab6c36f6a18ff Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6412
                or "AWS_WEB_IDENTITY_TOKEN_FILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75fb1720606e6d8f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6414
                in os.environ  # ECS task role

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df9f11391fee1d0f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6416
                in os.environ  # ECS/Fargate full URI credential delivery

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfc45df20797c260 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6423
            if "OLLAMA_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9dfa1fe77aaccd1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6428
            if "ANYSCALE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a1eab2868b0dfce Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6433
            if "DEEPINFRA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28f39c1ff47ac838 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6438
            if "FEATHERLESS_AI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2e8f1595827398e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6443
            if ("GOOGLE_API_KEY" in os.environ) or ("GEMINI_API_KEY" in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4edb2d6e750239d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6449
            if "GROQ_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a37def401b16d55a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6454
            if "NVIDIA_NIM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82b6dd8ea22d30aa Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6459
            if "CEREBRAS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04673573f47019db Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6464
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b70b7e82d593ea79 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6469
            if "XAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2b4c42fcc964668 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6474
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d18f0ec8b813d72 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6479
            if "VOLCENGINE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a1a5f5ecd96ed6b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6487
            if "CODESTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e44e74c074806734 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6492
            if "DEEPSEEK_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e34cc3b0b08b3ccc Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6497
            if "MISTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2912643d11df086b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6502
            if "PALM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #371db42e1193297a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6507
            if "PERPLEXITYAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86a21d6e51b90c8e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6512
            if "VOYAGE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b62fa752bf021a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6517
            if "INFINITY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7354a338bc74db0e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6523
                "FIREWORKS_AI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a887b77b6b2ec8bd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6524
                or "FIREWORKS_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba8cd7aca5734b8 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6525
                or "FIREWORKSAI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c58f1929669b353e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6526
                or "FIREWORKS_AI_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa9fcffc1263b252 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6532
            if "CLOUDFLARE_API_KEY" in os.environ and (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e91564432581e63 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6533
                "CLOUDFLARE_ACCOUNT_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dadcaf748224f948 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6534
                or "CLOUDFLARE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29c4c76f63e10036 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6541
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #516ec53b0a93550a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6546
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ade6d189f8ce5d4c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6551
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a20b10103e40065d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6556
            if "DASHSCOPE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad77ed1c284e1311 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6561
            if "MOONSHOT_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e6cf1706ee9fa63 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6574
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #684ae6c5952e4805 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6581
                "ANTHROPIC_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1a7f2153555e339 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6582
                or "ANTHROPIC_AUTH_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fa38da1ee40bf1f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6589
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e956999388ebe23c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6595
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e410a1d4e14443 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6601
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22d057c87d882482 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6607
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281b6b1ecaf78b9b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6613
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #947c270b28020255 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6623
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09ad7789f17cdbac Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6629
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50409ea7e6cb23a2 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6635
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f52fe02631e8aa85 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6641
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1f5ea2e515ddb00 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6647
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f804bb4359237fcb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6653
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #897cb0e1749d1f98 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6659
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0cbd21b76ed64d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6664
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baedbf446b83e4cb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6669
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94182bb3b6c7e5c8 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6674
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31f3ef88879986c3 Filesystem access.
pkgs/python/[email protected]/litellm/utils.py:7061
        with open(config_path, "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5e0ff269fce4c2a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7338
            for k, v in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d87e29bd34dc25 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7402
    environ_keys = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-cloud-aiplatform

python dependency
high pii_flow dependency Excluded from app score #117964831a143666 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1851 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1848
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #e2d628d9e597abd5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1803 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1800
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {initializer.global_config.credentials.token}"
                    )
                }
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #1ad19b14a926e551 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1845 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1842
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #d9d9eb425db98025 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1960 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1957
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {self.api_client._api_client._credentials.token}"
                    )
                },
                timeout=(
                    self.api_client._api_client._http_options.timeout / 1000.0
                    if self.api_client._api_client._http_options.timeout
                    else None
                ),
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #e22b522fb7db9d39 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1794 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1791
            httpx_client=httpx.AsyncClient(
                headers={
                    "Authorization": (
                        f"Bearer {initializer.global_config.credentials.token}"
                    )
                }
            ),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #db7486fbb4435d8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2191
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3c493c42c0b13e46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2205
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fea36aa6d2bcb29 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:2233
        import opentelemetry.exporter.cloud_trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #61374b35e6576351 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:106
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eabd9070f5d53ea0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:284
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b52ecb119825bc83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:285
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #49ac6e534b4533aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:293
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8eb6f3511d622fd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:294
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #62f0d5ccda81e768 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:371
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7afbd34540dcb98f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:372
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dba19398d97a09ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:373
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa901d90503217b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:374
        import opentelemetry._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a85442ed3d62efbe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:381
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0628824bb39a2e6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:382
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e200a7eca30219c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:383
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c865387963ec7cfa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:384
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1da1f0b289bd577c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:385
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f30ee012290de42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:386
        import opentelemetry.sdk._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ecb5c7ae13db03c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:419
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad75b34e86ff64ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:420
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7bba597ada98703f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:496
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4335e61c20775e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:554
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bbfd486917046146 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e37098f0511571c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32c9559a007c37a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/langgraph.py:49
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #978169be277bdbfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/llama_index.py:42
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6213a2e12344329f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:712
        import opentelemetry  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #20a37a036d060d98 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:726
        import opentelemetry.sdk.trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f28a132fb2b2cab6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/_utils.py:754
        import opentelemetry.exporter.cloud_trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #891a3728709d6bba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:90
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #18b13ec7e09754ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:268
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b915c4bb2bd362d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:269
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #54a9943a4245ce42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:277
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3d78a89e6dfd0df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:278
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb9dd38907af7442 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:355
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5a8810656b56cbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:356
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a29e3946f8f7668f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:357
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3a3efffc964a971 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:358
        import opentelemetry._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #afa39f49a6400896 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:365
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2458ad2de7e1400e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:366
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef03d4b64b5030c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:367
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #21f99475a5d1d7ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:368
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #946cb025797895fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:369
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #15a12532042a0a6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:370
        import opentelemetry.sdk._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d354cc6834d18e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:403
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a06f430bc08e9d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:404
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9acde490209cdb89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:480
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #70e5176a7be65c3a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:538
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d798d698369b78d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa0e751c86efd3fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f53869fe22960b1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/agent_engines/templates/langgraph.py:49
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #092322165107bc9a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:91
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #38db227c8a7110cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:329
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13cd94eeddc5e696 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:330
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5cd55e8f8e22dcb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:338
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d60b09904aaaddec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:339
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84b70397100f125a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:406
        import opentelemetry

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d2b3f0c9c7b3a85a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:407
        import opentelemetry.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a7ebe5e5c96beb8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:408
        import opentelemetry._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d7c18dbd49a6ed1c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:409
        import opentelemetry._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd58d1b71195e57a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:416
        import opentelemetry.sdk.resources

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #55493fc69d5c5a80 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:417
        import opentelemetry.sdk.trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9011b6227e5ee10e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:418
        import opentelemetry.sdk.trace.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09b12794379176c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:419
        import opentelemetry.sdk._logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97a67712113d8260 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:420
        import opentelemetry.sdk._logs.export

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b089af832b27151 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:421
        import opentelemetry.sdk._events

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f310043e76ceffce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:454
            import opentelemetry.exporter.otlp.proto.http.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3ea64e4f64304ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:455
            import opentelemetry.exporter.otlp.proto.http.trace_exporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f93dc1de50dc51b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:528
            import opentelemetry.exporter.cloud_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3fa4b061dfcbbf8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:585
        from opentelemetry.instrumentation import google_genai

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7c0b13ad14b786a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/ag2.py:37
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1785ad78d809caf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/langchain.py:54
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ed7cc564ff395e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/langgraph.py:57
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fde0cb69c0be682e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/llama_index.py:42
        from opentelemetry.sdk import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9fca17e3a19f767c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:365
        import opentelemetry  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd2164821a28cb10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:379
        import opentelemetry.sdk.trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eec293be96a5f516 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/vertexai/reasoning_engines/_utils.py:407
        import opentelemetry.exporter.cloud_trace  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 508 low-confidence finding(s)
low env_fs dependency Excluded from app score #da62064f7bc2cf53 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/_agent_engines_utils.py:1463
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #712e26a2ea131070 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2169
    original_location = os.environ.get("GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f07498588d3b05b Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2191
                os.environ["GOOGLE_CLOUD_LOCATION"] = "global"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e08a05bafb54d687 Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2220
                del os.environ["GOOGLE_CLOUD_LOCATION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7ffcbbff3dbe4ee Environment-variable access.
pkgs/python/[email protected]/agentplatform/_genai/_evals_common.py:2222
                os.environ["GOOGLE_CLOUD_LOCATION"] = original_location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #498c91b83739d174 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/_skills_utils.py:46
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e42be3ca370d3f28 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/types/common.py:1930
        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c00c4ae5c730d08 Filesystem access.
pkgs/python/[email protected]/agentplatform/_genai/types/common.py:2032
                with open(config_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64b5f1d9a3cb828e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1133
        if GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f55ac03b2e78a82 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1134
            os.environ[GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY] = "unspecified"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b56f08e56935489b Filesystem access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1158
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f871a168e718154a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1372
        if env_var not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beb1c40901c9ccd0 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/_agent_engines.py:1375
            aip_types.EnvVar(name=env_var, value=os.environ[env_var])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5e64cd453da4727 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:320
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53938dba413d1a24 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:322
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7faa4615e9465f0 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:324
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa25a645e05c92de Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/a2a.py:325
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0344e7eff051b43d Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:362
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29daee8c2c4b5a7e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:362
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50d986144ec87aa5 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:365
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #673655dba21b8361 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:403
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bc6955d9a67228b Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:406
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63c662fda9047973 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:407
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d973f32c974b83f Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:519
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b98103f32cf637d5 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:526
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3729b5a4c1247225 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:537
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cef3a480373809d Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:636
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d684ca3841c5b3a Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:674
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f03decbb5f89ae1c Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:787
                initializer.global_config.api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384e26d3bf5018f8 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:957
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33738ee7f4b3f10c Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:960
            os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26c7b4acfc82e641 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:963
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2714db75f3bd7f Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:964
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da11111fc9bff928 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:965
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e31ce50e68c50e0 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:966
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95fec100d8d7ecb0 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:967
        agent_engine_location = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e87b3efeabd00282 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:967
        agent_engine_location = os.environ.get(
            "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION",  # the runtime env var (if set)
            location,  # the location set in the AdkApp template
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0a1f634a11d7b54 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:973
            os.environ["GOOGLE_API_KEY"] = express_mode_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9de5755cfef12e Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:975
            os.environ.pop("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23b5319bde521f8 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:976
            os.environ.pop("GOOGLE_CLOUD_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf4a0e35a9dfd787 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:977
            os.environ.pop("GOOGLE_CLOUD_PROJECT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0701cc985f9c0709 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:984
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6970651fef2ef680 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:986
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a61051b92465bdc4 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1032
            if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ac89c248f426968 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1033
                self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5562210b82c5f45 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1033
                self._tmpl_attrs["app_name"] = os.environ.get(
                    "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3960c2c22df66e14 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1048
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064cfd0197ae3643 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1059
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac50645d3f95bea4 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1071
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e11d426d2ca5386 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1080
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b42956ac0049a039 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1093
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ee938e122358371 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:1105
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd1bf471a1028357 Environment-variable access.
pkgs/python/[email protected]/agentplatform/agent_engines/templates/adk.py:2114
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca67e41cb9f396c Filesystem access.
pkgs/python/[email protected]/agentplatform/preview/rag/rag_data.py:449
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #735b7d850918a5c5 Filesystem access.
pkgs/python/[email protected]/agentplatform/rag/rag_data.py:427
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79a9467e24817be4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/docker_utils/run.py:52
    return os.environ.get(_ADC_ENVIRONMENT_VARIABLE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15ba6c940cb71dfb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/explain/lit.py:219
        if os.environ.get("LIT_PROXY_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd0b0be9a02fc5e4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:92
            project_number = os.environ.get("GOOGLE_CLOUD_PROJECT") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0b5d69417191303 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:92
            project_number = os.environ.get("GOOGLE_CLOUD_PROJECT") or os.environ.get(
                "CLOUD_ML_PROJECT_ID"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0e8222330b87944 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:379
        location = os.getenv("GOOGLE_CLOUD_REGION") or os.getenv("CLOUD_ML_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd85d21f81a71526 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/initializer.py:429
        vertex_product = os.getenv("VERTEX_PRODUCT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efe844d9c108efe8 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/jobs.py:2147
                with open(autolog_script_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e618ed19dfabacb Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/jobs.py:2157
                    trainer_script = open(script_path, "r").read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f67cb0871efd86a Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:60
    with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4989392fc6f4c212 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:156
    with open(model_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7c063a736eee796 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:340
    with open(example_file, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f34f01a906e7eca Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/_models.py:895
            with open(destination_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6266636e3f79164e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:267
        if os.getenv(constants.ENV_EXPERIMENT_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #112e0191634e19c1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:269
                os.getenv(constants.ENV_EXPERIMENT_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06005a130001a890 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/metadata/metadata.py:280
        env_experiment_run = os.getenv(constants.ENV_EXPERIMENT_RUN_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e571da4d54dcde79 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/local_endpoint.py:396
                with open(request_file) as data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #656d313066c821e9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:61
        if "HANDLER_MODULE" not in os.environ or "HANDLER_CLASS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb128613c5a661af Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:66
        handler_module = importlib.import_module(os.environ.get("HANDLER_MODULE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28bfb28e8298bd70 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:67
        handler_class = getattr(handler_module, os.environ.get("HANDLER_CLASS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9242d69e52791df0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:73
        if "PREDICTOR_MODULE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5c1674e167bba5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:75
                os.environ.get("PREDICTOR_MODULE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b9102c670913c7b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:78
                predictor_module, os.environ.get("PREDICTOR_CLASS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a54128586d5a2c59 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:82
            os.environ.get("AIP_STORAGE_URI"), predictor=predictor_class

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ccc1357a3222d3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:85
        if "AIP_HTTP_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42e22ad4e0ebc0db Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:90
            "AIP_HEALTH_ROUTE" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df02704023480645 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:91
            or "AIP_PREDICT_ROUTE" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #699ae8108944f4b0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:97
        self.http_port = int(os.environ.get("AIP_HTTP_PORT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72a0c9c1b0097c21 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:98
        self.health_route = os.environ.get("AIP_HEALTH_ROUTE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #030396ff9a216290 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:99
        self.predict_route = os.environ.get("AIP_PREDICT_ROUTE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e99383192a252b6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:183
    workers_per_core_str = os.getenv("VERTEX_CPR_WORKERS_PER_CORE", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffb98c713ecf55fe Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:184
    max_workers_str = os.getenv("VERTEX_CPR_MAX_WORKERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7723fc455f4b92a6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:188
    web_concurrency_str = os.getenv("VERTEX_CPR_WEB_CONCURRENCY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2d5a317bb37888d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:198
    os.environ["WEB_CONCURRENCY"] = web_concurrency_str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41fee0fc7fdf5e60 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:200
        f'Set the number of model server workers to {os.environ["WEB_CONCURRENCY"]}.'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5e8038e70d56261 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/model_server.py:209
        port=int(os.environ.get("AIP_HTTP_PORT")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14e183daa82fed3e Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/sklearn/predictor.py:86
            self._model = pickle.load(open(prediction.MODEL_FILENAME_PKL, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #844b8d76cf8c67a6 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/prediction/xgboost/predictor.py:104
            booster = pickle.load(open(prediction.MODEL_FILENAME_PKL, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a284d5626dfffc3a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:36
    env = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #534ccbd39413db8a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:44
training_data_uri = os.environ.get("AIP_TRAINING_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba9cb0e241047a40 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:47
validation_data_uri = os.environ.get("AIP_VALIDATION_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e50964df05aedaf7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:50
test_data_uri = os.environ.get("AIP_TEST_DATA_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97a3cca4887e2715 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:53
model_dir = os.environ.get("AIP_MODEL_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4bf347cc6043a90 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:56
checkpoint_dir = os.environ.get("AIP_CHECKPOINT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c61c3ba0807a4df8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:59
tensorboard_log_dir = os.environ.get("AIP_TENSORBOARD_LOG_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdbe532c1e448f55 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:68
tf_profiler_port = os.environ.get("AIP_TF_PROFILER_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81aa5de1554aaf0f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:71
tensorboard_api_uri = os.environ.get("AIP_TENSORBOARD_API_URI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb48bd1009cfe38 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:75
tensorboard_resource_name = os.environ.get("AIP_TENSORBOARD_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #283f5d7470ca6ee4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:78
cloud_ml_job_id = os.environ.get("CLOUD_ML_JOB_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccefdb91b3432772 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform/training_utils/environment_variables.py:81
http_handler_port = os.environ.get("AIP_HTTP_HANDLER_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b1a5cfde0f9688 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/utils/yaml_utils.py:117
    with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b381ef7405a2c6b5 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/bigquery_datasink.py:119
                        with open(fp, "rb") as source_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9467659325df594d Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/predict/sklearn/register.py:160
        with open(model_path, mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77f3a8a84a480444 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/predict/sklearn/register.py:167
                with open(f"{temp_dir}/{model_file_name}", mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8fa19de2ce7d4c8 Filesystem access.
pkgs/python/[email protected]/google/cloud/aiplatform/vertex_ray/render.py:26
        with open(pathlib.Path(__file__).parent / "templates" / file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3df2b5882686cfe1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:193
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3a3aab1fbf5273d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:369
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #597e0b6bff48cf6e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:410
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32f42f5fa88d9a9e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/data_foundry_service/client.py:411
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3d936f8dd990bf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c73c39b28eccf8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:530
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56277938482af3c3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:571
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6572610001a8b9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/dataset_service/client.py:572
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d4ef295bb394f68 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:211
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #024e527afc79177f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:477
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e871753bf256dfa8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:520
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee58a5717edfa197 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/deployment_resource_pool_service/client.py:521
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3648dd6c9b7e9cce Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa3f19d965319153 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fdc2df250a36d39 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:548
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05f895b9b1c947d1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/endpoint_service/client.py:549
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #734c7411c114cbe1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:191
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62533c67119be43d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:367
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1037aa0b692678f4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3d2566ff3f212e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/evaluation_service/client.py:409
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d19f50cf0ccd99a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:223
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18781a4932cfbd4c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:471
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55c7ab9582232dd2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:514
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c570e7820c599ccf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_admin_service/client.py:515
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #048f5fa7c611aed4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:198
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0373a61340591273 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:398
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fadb535fd289c422 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:439
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c67cf3c47395474 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_online_store_service/client.py:440
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31ead9509712e392 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b6bb682b0f50e0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:429
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2304d05e84a98f05 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:470
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d93cfe8fab3f6b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/feature_registry_service/client.py:471
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b38f44d0735c70b8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3469415ad92a884a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:407
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76365dd61449069 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18f543bdf1684450 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_online_serving_service/client.py:451
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92a5fd72bb2a3225 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b93c1c5ddec55ca Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:456
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69c54296f14678eb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:497
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #762b08ab630fec9a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/featurestore_service/client.py:498
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79364b563b23b484 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77694e09d5bec6a3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:420
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ebae9b9802c8bc2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:461
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92d3a9b6ef197391 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_cache_service/client.py:462
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #019472ec76f6e234 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee29a55f284d5fa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc2f1c6b1cc6c85b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17739c146290255f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/gen_ai_tuning_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d09e7a128c74f258 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f8e97963611d8d6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5edb9a48f6e727bc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1bd3870ca2c4b10 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_endpoint_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7a6e7480053e17b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9042fac73521dc92 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:423
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b061ec12e5e4651c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:464
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b65a9e5bd9358982 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/index_service/client.py:465
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da131fe62e097eca Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:228
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71dab8c42f699273 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:803
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81435ed36dfe573c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:844
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15564d69a690c42e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/job_service/client.py:845
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe753c40b04f4003 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08bb4c1e11cd0608 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:414
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cffc48c595bc9294 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #720d5b0e2dd54dd8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/llm_utility_service/client.py:456
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21c00a63f9395cb3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34b522a86a87d7ea Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #434ac96a74be785d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d5e429fef2e566a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/match_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca642ee5ee6e869d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:212
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #849e52b4f579e251 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:506
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27328b7c5280e841 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:547
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7b4fd3f65f2ef6c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/metadata_service/client.py:548
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6037df2c787bdcfd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:197
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab2291f49394e04d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6b8b9ec01d0b0a5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a3f18bb6ac5da2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/migration_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #532208fb844a42ef Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:195
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e9a2f750fcdd618 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:454
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0769e8c9d1dae61d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:495
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc772cf05ffab119 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_garden_service/client.py:496
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7a6e600805f4352 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:206
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad086ee704051bd6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:520
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa92f90fff4f977f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:561
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95cb853f3b19a5ce Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/model_service/client.py:562
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #921779a0e9b8490b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:216
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bb41f8232f0a880 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:543
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f596719e7772a91a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:584
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df374fea4c7950d1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/notebook_service/client.py:585
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #108edd9e455f8810 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:209
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7bd9614e5fd89bb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:470
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfee4365cc0ce5e4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:511
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c5125f8a2234fd1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/persistent_resource_service/client.py:512
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc7a6e8f316fce0a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:211
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e1e409efdb33815 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:610
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e2062a02a8dfd52 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:651
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a69ba9ba200e892 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/pipeline_service/client.py:652
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48cca86a7c3dd3aa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f69d73c53a7c5a7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9de7116520e7f64 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d318f1a5addc0c8f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/prediction_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #986f265671b678cd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2946206d66ddcd85 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f056d4fb7759c9b6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:451
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ca37647c10e0c1f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_execution_service/client.py:452
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a5bf3cf40a2e4fa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #310d42acc6fe17ba Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c992d59fb16f29aa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2116894d2622631a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/reasoning_engine_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c99bcfc4f21b4707 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d75ad018fe909f0c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:648
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab294fc68c937b6c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:689
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75d9db22a0b24aa9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/schedule_service/client.py:690
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4d510e685237d85 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88eceea53de38e61 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76164a3b592758d2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8abf8074cd7268b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/session_service/client.py:492
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b97bf931acd9725 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8597d9d50937017 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:403
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #634c7e522c4717c3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ebfb3fed3cf639a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/specialist_pool_service/client.py:445
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fead199ecccce38f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce3ca0519bedca08 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #503586d84285f721 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:532
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4e7e5819a8ffaaa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/tensorboard_service/client.py:533
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e8abadcbc331daa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68bb918289041f50 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:509
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f04570e330eec0d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:550
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7255ef27064c7a8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_data_service/client.py:551
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daddf19a669a1e25 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b00f3c769376a68f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:394
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e6feb4e1f5dc406 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:435
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #558e4e69454875ba Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vertex_rag_service/client.py:436
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b231f6c129716eab Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df243ff8bb7dc816 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e828d1ebb01fab7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7af609f2e2ab2a99 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1/services/vizier_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e04fe28d5684a4ad Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6cc216b18839ad4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:618
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c50bbacc933d2cf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:659
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e1a3df49d751057 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/dataset_service/client.py:660
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ff7ea08ed684b47 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cebe4b9643fdbfec Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:479
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #686a09166473739b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26e60730529a0e80 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/deployment_resource_pool_service/client.py:523
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b38d241c1cd9b963 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ae7a407f61a5696 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a337e844e43aac9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:548
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e0fbba8edfb40f2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/endpoint_service/client.py:549
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ad2f430e65ad136 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6de4b0c5d107176c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:392
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ddc9bc0770d0fbf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:433
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d26b8f345185187 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/evaluation_service/client.py:434
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ad9f9cc145e4bcb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:199
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8037db8bd8bf7242 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:397
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #649a8172e41263f8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:438
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36b3c5e4a8df7fcc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/example_store_service/client.py:439
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef9581663ea989dc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:194
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdf3dc0525be79d9 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:414
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5e24fb2b53308dc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8eed86a6770ae6f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_execution_service/client.py:456
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12c8fdb963171ceb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #093f9c14ea48b6da Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19376369f1b7da93 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33cb480598662ec8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/extension_registry_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd81a0c59a807bab Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:223
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb20bfc0a2c6cddc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:471
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e24e0237ab32b3a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:514
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c38a0dd6f7739406 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_admin_service/client.py:515
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca993e3fad2c1c75 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:198
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91b7278a1850d9a3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:398
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0776fe9970b1571 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:439
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6634a2028ae4682f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_online_store_service/client.py:440
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9ad1d34f69fe3c8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:214
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c457902de373cac4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5d24d19588d9bc1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #382db6a4cece50a2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/feature_registry_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23be197f1af272cb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bb724d4ccf3ca81 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:407
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a50b756e4f76bd9b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0cf1913d655d8bf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_online_serving_service/client.py:451
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d3d3c4885d142c0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:210
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #967e6c12241c4323 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:458
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b9f77c2b7e79f12 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:499
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ca2adb5245d4d9f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/featurestore_service/client.py:500
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #454789eddeb7d83a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #973ab05e6276b369 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:420
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e06db26cf5160d9c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:461
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffb0429fb3012823 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_cache_service/client.py:462
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fc36908cbeea407 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5810a61a423963d0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5536b4de11f83361 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aef8b7030c28e23 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/gen_ai_tuning_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6145161b3b3467fa Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d5a95b74cbcde3a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #147970706e94c36d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edcd7e66073f6129 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_endpoint_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21665e4da34b7e79 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9830ad840a0e0bd Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:423
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88f96ba9797147ab Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:464
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #073841dc2c3993c5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/index_service/client.py:465
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b0a9b80862d0a79 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:230
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11729ef1105442d2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:805
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b97180cf10fabd1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:846
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2828cbbca5e9aed2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/job_service/client.py:847
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1227a3dc00d4a33b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9b3d69a7b4fe424 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71f1c3ab7dd5c746 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35c8c05bb0561393 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/llm_utility_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7818f3df752ff78 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:192
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e9ca0f0862ec194 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:390
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc01d3127369776d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:431
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbacce29213e47dc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/match_service/client.py:432
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37f29d74aac59540 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:199
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2726f980ba082c59 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:445
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbcfb8a4ac30dfeb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:486
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc45832dc37487df Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/memory_bank_service/client.py:487
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fa2f21ca8c0f681 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:212
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eab144803e1392a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:506
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e15e75470305f11 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:547
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6a5c72b30ca780 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/metadata_service/client.py:548
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81aa125ba827fefe Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:197
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83d01a34e811bc30 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c4d64d5af3c7fc3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d9832a1e4c272cb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/migration_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5015d350cf978128 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba9fb44af16e985c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:455
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c370eb51b6445983 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:496
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #570de933b2614315 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_garden_service/client.py:497
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65e35c29db9757d8 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14021079cafd12f4 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:567
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49918e1be1344a41 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:608
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eefda90518848d1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_monitoring_service/client.py:609
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b0e21c27687031f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b59728ecc8a1ce1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:522
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a94c6c33d6987960 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:563
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0185ae909a5cebf Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/model_service/client.py:564
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0131d6061874092f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:218
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e66aba98847c1e0 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:545
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e99af7850d65d89 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:586
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ceee0668a9a9c91 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/notebook_service/client.py:587
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73798b0d4c0e2ed2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:204
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fb45ff41ecef297 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:402
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd0b0c467186ba98 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:443
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4df28bde9173447e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/online_evaluator_service/client.py:444
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9e80f1cdadcf1b6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:209
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #767c6885b788ea84 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:492
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c8c5f782eb6ab60 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:533
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b39a394fa05adc2 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/persistent_resource_service/client.py:534
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cca872bdf4e0798b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bfc32459e603096 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:612
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #246604ddebccef43 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:653
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #276605b3be2815b1 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/pipeline_service/client.py:654
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #770d26db51a6d24d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a47eb2e6ba38631d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:488
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24da1b83a8e08547 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:529
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11d95151f2072ed3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/prediction_service/client.py:530
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ae3245646f7d85b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:208
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81291e37d3f2ca5b Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:408
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497ddb97c7b1ac09 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:451
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5480a1d5048b2efc Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_execution_service/client.py:452
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f9bd1475ed46869 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:215
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99eceb53c3cae856 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edcc69bebaca19d6 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:528
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #130f163e5271c7ab Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_runtime_revision_service/client.py:529
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d89d68db18735d42 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:203
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b43e851c4eea07 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:493
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf7c43aef91d5400 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:534
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e158155142100f14 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/reasoning_engine_service/client.py:535
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ea5319e93b6c24 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:206
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #959b9eca1e38dcc7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:761
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7a122191b31fc35 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:802
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #733eec0b98593e59 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/schedule_service/client.py:803
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2b0fb4a2e766dff Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:202
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee7771c2e35f788a Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:450
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76b71d802aef669f Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e9d9b360f1486ba Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/session_service/client.py:492
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #237405fc513f8ad7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:205
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1b85476bbddd88c Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:403
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e0704ab7711b828 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06fbba6d595cc6be Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/specialist_pool_service/client.py:445
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b979ab031e8b238 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:213
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72b236794adc8895 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:491
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #997fa66d06d03219 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:532
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f34a960b042f495e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/tensorboard_service/client.py:533
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8be989b948bc0c97 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:201
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7f75676d5c6b98d Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:559
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a4c0e82d2eef450 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:600
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47a121b77b067528 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_data_service/client.py:601
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #475db3cda6b51cd3 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:196
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae76ec8a44c6d310 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:394
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfb90b53c9b580cb Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:435
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb5c2c056431fb5e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vertex_rag_service/client.py:436
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ef6ce164ceeaa6e Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:200
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723b50c87bdedc73 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:444
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06f7ca5d614cdb79 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:485
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c28dd36f2629fa03 Environment-variable access.
pkgs/python/[email protected]/google/cloud/aiplatform_v1beta1/services/vizier_service/client.py:486
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d3a18bb0772ec43 Filesystem access.
pkgs/python/[email protected]/setup.py:28
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #544e14c945c66866 Filesystem access.
pkgs/python/[email protected]/setup.py:32
with open(os.path.join(package_root, "google/cloud/aiplatform/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5228b97c3ebccf0 Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/_agent_engines_utils.py:1461
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d3d5c648fa9405b Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2150
    original_location = os.environ.get("GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d4d7833f78a316 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2172
                os.environ["GOOGLE_CLOUD_LOCATION"] = "global"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0014894c5f9bd901 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2201
                del os.environ["GOOGLE_CLOUD_LOCATION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28c986063f8b0ee0 Environment-variable access.
pkgs/python/[email protected]/vertexai/_genai/_evals_common.py:2203
                os.environ["GOOGLE_CLOUD_LOCATION"] = original_location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e3745bd19516c60 Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/_skills_utils.py:50
                with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6649374dcae1a6d2 Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/types/common.py:1837
        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f86761ddd82302a Filesystem access.
pkgs/python/[email protected]/vertexai/_genai/types/common.py:1939
                with open(config_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec44a7d26406b3a4 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1131
        if GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fce026511ecf597a Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1132
            os.environ[GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY] = "unspecified"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4d7deaa2889977f Filesystem access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1156
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47fd0438782ad66d Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1369
        if env_var not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212e4c1823c92fc4 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/_agent_engines.py:1372
            aip_types.EnvVar(name=env_var, value=os.environ[env_var])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49f5953c3fb0265b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:320
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d3e883f26b68bd2 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:322
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c068d91de37c9a5 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:324
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #839b756e050acd67 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/a2a.py:325
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48d7a2b66df51983 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:346
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #110232f3c6f9326d Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:346
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b0ee121a939488 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:349
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #581fe2ea1674876f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:387
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25df7d981e983cb0 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:390
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2881ad693b0a5e0c Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:391
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59b0af005368d65b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:503
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14375e92ad5e6ed3 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:510
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7180e9860c1ea676 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:521
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf087835055e5048 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:620
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #441b95da44aaeb3b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:658
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24eb00e175e5a5ac Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:764
                initializer.global_config.api_key or os.environ.get("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a72d3dc1ab8d8fef Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:928
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fac696ef0d49e93f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:929
        os.environ["GOOGLE_GENAI_USE_ENTERPRISE"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fed8d52c9a8c6ba9 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:932
            os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57103e859684972d Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:935
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aadb7e95745c803 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:936
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bcd05add837a52f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:937
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02cec08e52c62a77 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:938
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3189767294ee4a7b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:939
        agent_engine_location = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b08c8a5ecaf004f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:939
        agent_engine_location = os.environ.get(
            "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION",  # the runtime env var (if set)
            location,  # the location set in the AdkApp template
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce7a4cc137102e33 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:945
            os.environ["GOOGLE_API_KEY"] = express_mode_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0e5a795e55e4e07 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:947
            os.environ.pop("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60823762315c2185 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:948
            os.environ.pop("GOOGLE_CLOUD_LOCATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a89d85db016cfc7 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:949
            os.environ.pop("GOOGLE_CLOUD_PROJECT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c443ed91b4eed49e Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:956
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aacc0c70acfef6bf Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:958
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c700bdbc6488e46 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1004
            if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdc04ecb2e5346cd Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1005
                self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46a0cab980db3f28 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1005
                self._tmpl_attrs["app_name"] = os.environ.get(
                    "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a94c439015705cd Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1020
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30318c41cb0fb76f Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1031
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ed9cfbf666ae2ea Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1043
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69088225f4b5244b Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1052
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30d0672f52b2bd55 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1065
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd1dfe054daff6db Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1077
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd6c265d7ab22637 Environment-variable access.
pkgs/python/[email protected]/vertexai/agent_engines/templates/adk.py:1810
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a68761f6ed66918 Filesystem access.
pkgs/python/[email protected]/vertexai/evaluation/utils.py:214
        with open(filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ab8f98ab7b04ba0 Filesystem access.
pkgs/python/[email protected]/vertexai/evaluation/utils.py:323
        json.dump(summary, open(local_summary_path, "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96154945960e5631 Filesystem access.
pkgs/python/[email protected]/vertexai/generative_models/_generative_models.py:3257
        image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f26f3eb032ec4805 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/metric_utils.py:72
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6ae7cf21ba0716 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/metric_utils.py:203
    with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ecd80c61138ce20 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/utils.py:272
        with open(filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a30d2c326110e38 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/evaluation/utils.py:408
        json.dump(summary, open(local_summary_path, "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87a388f2a84ba2f4 Filesystem access.
pkgs/python/[email protected]/vertexai/preview/rag/rag_data.py:490
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8789b0de1991f7b Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:241
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d28621049dc8779 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:243
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb091af26b82b910 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:245
        os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f568a5b3ceb9d34 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/a2a.py:246
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", "test-agent-engine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc76f22f12877a4c Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:278
    use_mtls_endpoint_str = os.getenv(
        "GOOGLE_API_USE_MTLS_ENDPOINT", _MtlsEndpoint.AUTO.value
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5c35ecfb8394cc9 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:316
        use_client_cert_str = os.getenv(
            "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad6c3252dfdc3e27 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:397
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6925ee04b68ec0df Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:397
        location = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "") or os.getenv(
            "GOOGLE_CLOUD_LOCATION", ""
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b033acba0db40d1f Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:400
        agent_engine_id = os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #001e5d716e3bca59 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:438
            "service.name": os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_ID", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa7369f9fb6b8023 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:441
                os.getenv("GOOGLE_CLOUD_AGENT_ENGINE_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a704e0057559bcf Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:442
                or os.getenv("GOOGLE_CLOUD_LOCATION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5625de7bc5f8b140 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:550
        if "gen_ai_latest_experimental" in os.getenv(
            "OTEL_SEMCONV_STABILITY_OPT_IN", ""
        ).split(","):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ce3dc28fe0f357 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:557
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #051267484ebe36b4 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:568
                        default_log_name=os.getenv(
                            "GCP_DEFAULT_LOG_NAME", "adk-on-agent-engine"
                        ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a823098cc1c1dea8 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:825
        os.environ["GOOGLE_GENAI_USE_VERTEXAI"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #640f21b9bdf9fe44 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:827
        os.environ["GOOGLE_CLOUD_PROJECT"] = project

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe4804510262a0a9 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:830
            if "GOOGLE_CLOUD_AGENT_ENGINE_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18fe4aad7da068d5 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:831
                os.environ["GOOGLE_CLOUD_AGENT_ENGINE_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d4703db30b21a8 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:832
            if "GOOGLE_CLOUD_LOCATION" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a6bfc0ef2aebca8 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:833
                os.environ["GOOGLE_CLOUD_LOCATION"] = location

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81c5e533cfafbb8f Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:839
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3755e01daadbf96f Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:841
            os.environ["ADK_CAPTURE_MESSAGE_CONTENT_IN_SPANS"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cfc661ed10ca4d0 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:881
            os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88e031070443270a Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:882
        if "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb7c0510ee167c5a Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:883
            self._tmpl_attrs["app_name"] = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bbd61f5032c9db8 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:883
            self._tmpl_attrs["app_name"] = os.environ.get(
                "GOOGLE_CLOUD_AGENT_ENGINE_ID",
                self._tmpl_attrs.get("app_name"),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0354c9d3e2a04409 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:897
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5fa333e002c35eb Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:907
                        agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b977cc5b8b35610 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:922
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7f9cc19699bbdcf Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:931
        elif "GOOGLE_CLOUD_AGENT_ENGINE_ID" in os.environ and is_version_sufficient(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3085dbf698590e2c Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:942
                    agent_engine_id=os.environ.get("GOOGLE_CLOUD_AGENT_ENGINE_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4177cb8991ac1168 Environment-variable access.
pkgs/python/[email protected]/vertexai/preview/reasoning_engines/templates/adk.py:1666
        env_value = os.getenv(
            GOOGLE_CLOUD_AGENT_ENGINE_ENABLE_TELEMETRY, "unspecified"
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60556ddc1f83fd63 Filesystem access.
pkgs/python/[email protected]/vertexai/rag/rag_data.py:429
        "file": open(path, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3efff7cd3d4861a9 Filesystem access.
pkgs/python/[email protected]/vertexai/reasoning_engines/_reasoning_engines.py:603
            with open(requirements) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d78411307afde7e6 Filesystem access.
pkgs/python/[email protected]/vertexai/tokenization/_tokenizer_loading.py:84
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5321970945b1c860 Filesystem access.
pkgs/python/[email protected]/vertexai/tokenization/_tokenizer_loading.py:98
        with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3163bb41c99f9aa7 Filesystem access.
pkgs/python/[email protected]/vertexai/vision_models/_vision_models.py:186
        image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f993f95070828d31 Filesystem access.
pkgs/python/[email protected]/vertexai/vision_models/_vision_models.py:531
        video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anthropic

python dependency
high pii_flow dependency Excluded from app score #690d5947ddbe3790 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:384
            self._owned_http_client = httpx.Client(timeout=TOKEN_EXCHANGE_TIMEOUT)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #0e199b52913c5056 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:179
            self._http_client = httpx.Client(timeout=TOKEN_EXCHANGE_TIMEOUT)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 90 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #6cf2687ccbcf3a56 Environment-variable access.
pkgs/python/[email protected]/examples/agents.py:9
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5d0d05fa740469d9 Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:18
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #83ed3f453d94ad9b Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:20
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9b542bba5295aea3 Filesystem access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:47
    with open(skill_md_path, "rb") as skill_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8473a9fa5f523a2b Environment-variable access.
pkgs/python/[email protected]/examples/agents_with_files.py:10
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1d49dde9851e0fac Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:46
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0021f98d34650177 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:64
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4607e1940919090b Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:48
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e8017f944ac7e38 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:60
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6b0d0cb61fceb9cb Environment-variable access.
pkgs/python/[email protected]/examples/workload_identity.py:70
        identity_token_provider=lambda: os.environ["ANTHROPIC_IDENTITY_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a1816ded5db668 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:107
    if api_key is not None and os.environ.get("ANTHROPIC_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #173a3b84cba463b5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:109
    if auth_token is not None and os.environ.get("ANTHROPIC_AUTH_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a24c8d8792ce62e3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:214
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db67eef079d8f6c5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:215
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e3d93a094d882c6 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:221
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90d3c026695c3aaf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:225
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ccd6ba0f36b7ac1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:234
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e3f88390234e726 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:631
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #490291bdcc9f37e3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:632
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #024011808e334265 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:638
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ceb57e119d5bd0d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:642
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a36964d72584b82 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:651
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d875c5f3b11fc04 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33f40f4a71a45bfa Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c686b85c8246f2be Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfe3ac06d3c655e6 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb1c4fc48a47cbf0 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:464
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c01e1b4ed2edac7 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:477
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5916815c2439087 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37cf60144f50fe3d Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #295b7c0bfb4a4aae Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:579
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83cfc1bd04511a35 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_utils/_logs.py:17
    env = os.environ.get("ANTHROPIC_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b37f2007d79cb1 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:250
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d64829ef4d5c61a Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:418
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #026b66cc0ecaac8c Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21de0b8ed1fd9ec1 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:25
        files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b114da327d7fc08 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:42
        files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f3a3b1d9e7f1269 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:25
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723a4c2d21e83ec0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:90
    return os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e8dff93aeed42c1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:77
    aws_region = os.environ.get("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d60695d692581ad Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:165
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d73d78953d7c9f3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:190
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa8e4f090ada0fc Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:345
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43960e2ccfb6f77f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:370
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c1d00731ee387b8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_mantle.py:144
        base_url = os.environ.get("ANTHROPIC_BEDROCK_MANTLE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53ea60ad20726395 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:33
    federation_rule_id = os.environ.get(ENV_FEDERATION_RULE_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fe5f3c7ed5b8af7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:34
    organization_id = os.environ.get(ENV_ORGANIZATION_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19f563369212add3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:35
    has_literal_token = ENV_IDENTITY_TOKEN in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1429e00ef5f78c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:50
            value = os.environ.get(ENV_IDENTITY_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10deee2d530580a0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:65
        service_account_id=os.environ.get(ENV_SERVICE_ACCOUNT_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3426156edc5082e7 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:69
        workspace_id=os.environ.get(ENV_WORKSPACE_ID) or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98fd26936aa42c4a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:70
        scope=os.environ.get(ENV_SCOPE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85e83b9e990d9546 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:108
    if os.environ.get(ENV_API_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9225d9e0f1978eda Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:112
    auth_token = os.environ.get(ENV_AUTH_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d4696f42e2c2c9b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:119
    env_explicit = bool(os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a3098b3b34ae28 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:78
    env = os.environ.get(ENV_CONFIG_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a0dc9dbf962007 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:82
        appdata = os.environ.get("APPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35158946f065e5b9 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:92
        name = (_config_dir() / "active_config").read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bb39aabb4a8aee1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:105
    env = os.environ.get(ENV_PROFILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #921d4ba077e4a04c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:224
    env = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f62076c68a127ce2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:240
    if os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20e7a2e5a645c5cd Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:244
    if os.environ.get(ENV_FEDERATION_RULE_ID) and os.environ.get(ENV_ORGANIZATION_ID):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63b107c195be15d2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:245
        if os.environ.get(ENV_IDENTITY_TOKEN_FILE) or os.environ.get(ENV_IDENTITY_TOKEN):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b32f63652d9af1b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:88
            v = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c94b31e5478c08 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:102
            v = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #443ac146ce7f9cfa Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:128
        value = os.environ.get(self._env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce5fe868cd7d738a Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:276
            raw = self._config_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07c8543aaeea7bc4 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:357
            raw = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14c07defdf5bb0e1 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:692
            content = self._path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40cd535515f9cf1f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/environments/_worker.py:160
    resolved = value or os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de160006c1e29cb5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:157
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d09851685390f8fd Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:158
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3b7644882b8153f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:159
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550d420dbdf5340e Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:382
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab2c30a05a822f8b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:383
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caab26e591d53775 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:384
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e11cc77fb76b645a Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:356
        return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #955be0b4931c9190 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:653
        return await full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fccb63317830aa09 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:138
                with zf.open(info) as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #182670edf0b47b9b Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:164
            with extracted as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #35eac69bb386ad99 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:123
    return {k: v for k, v in os.environ.items() if not k.startswith("ANTHROPIC_")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b82d58ad4bb23b4b Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:512
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1d3177022ec8139d Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:540
            target.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #683ad77082090d40 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:570
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0209c732db847b25 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:582
            target.write_text(updated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06af36dbf5860d05 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:46
        project_id = os.environ.get("ANTHROPIC_VERTEX_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e409a79ed0b23f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:114
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d21d9a78855e5e5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:121
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2b8178de23a8dce Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:278
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf76fdcd5ed9ae94 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:285
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
high pii_flow dependency Excluded from app score #c5279b3ec83a826b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:258 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/openai/lib/azure.py:221 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/openai/lib/azure.py:258
        self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #236e8c839cb7c920 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/openai/lib/azure.py:543 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/openai/lib/azure.py:506 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/openai/lib/azure.py:543
        self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 59 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #61b9eeb73566e715 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #be6cecddb63558cf Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cf38b70bc6724ec2 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b28ffc614c778f3e Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #870c42a0a54c430e Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e108a52311e0bd33 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:153
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6a10dcdbd9a00c2 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:155
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdc2744b244b9897 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:157
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05abce74adb5f903 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:159
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90fb7bab990892e Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:292
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f675ac45d6118051 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:296
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0de4b9410184673e Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:301
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ff4d5a2edd9f048 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:317
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f8d3b2b020b7186 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:320
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6ec028552100065 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:323
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b24bbd745399e120 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:333
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3567672d13b2b828 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:333
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #130f4e80bec9c1bd Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:156
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a5ed8d662262e54 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:170
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #162ca348446a6594 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:174
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fae0ca01578be8b Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:178
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21a4983b5604b4b7 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:184
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1408a4c7d73314d2 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:585
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4430bcf080be0037 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:599
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd28cfe5fe1429e7 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:603
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #330b96f802d120ee Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:607
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef59f408132d1dfc Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:613
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c14b0dcc15627fe4 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbaa73b93cceb67a Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c853462c636842 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd6f43d8f301820b Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5423b18b1c1b6d4d Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:441
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56af4bfd8a1c97db Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:454
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc8949b250846310 Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:119
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a51845c61a795b1 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:513
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b47d361af6567dd9 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:555
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46d1a89a504f75b5 Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edcd2478aae2660c Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b8e173b1ca37028 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa91e920f63b264b Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:372
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baba92199a21f268 Filesystem access.
pkgs/python/[email protected]/src/openai/auth/_workload.py:61
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3de9ca9e7830bc92 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:67
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d541e90e922aa00 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:90
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aadb498c36c613b2 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/files.py:55
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93763584d0c04585 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:103
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3170e30692123647 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:119
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #017de7a8bfcb5b4d Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:125
            with open(args.mask, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #990d7df03cddae8c Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:68
    xdg = os.environ.get("XDG_CACHE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d00dd95078127bc8 Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:76
    if not os.environ.get("DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac0e439cd1157b98 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:121
        with open(temp_file, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cd260a8fd786262 Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e466e8c48be63b1e Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:196
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b76f37cb592c2a8 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:199
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9e02e3339731d17 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:207
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9de823978911f51 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:221
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebeb98c0d747597d Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:481
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7716da077da3e567 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:484
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbe059bf3072c449 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:492
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6349d6796c9ed747 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:506
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mcp

python dependency
high pii_flow dependency Excluded from app score #0cf289c2f6018f28 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:433 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:452
        return httpx.Request("POST", token_url, data=refresh_data, headers=headers)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 31 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #b614356bcf8d7286 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:72
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #53f9587596bb859f Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:281
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e572db8cefa59b2 Environment-variable access.
pkgs/python/[email protected]/.github/actions/conformance/client.py:349
    scenario = os.environ.get("MCP_CONFORMANCE_SCENARIO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c693f43cd4d16f67 Environment-variable access.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:50
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5bf897d6236f979e Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:343
    server_url = os.getenv("MCP_SERVER_PORT", 8000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ec2a70c3714fd640 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:344
    transport_type = os.getenv("MCP_TRANSPORT_TYPE", "streamable-http")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7d1e54d6f41c8ed1 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:345
    client_metadata_url = os.getenv("MCP_CLIENT_METADATA_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8cdea883bf04c72c Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:24
        self.api_key = os.getenv("LLM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b2423fb33be59ab7 Filesystem access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:45
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ec54938d13ba977a Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:83
            env={**os.environ, **self.config["env"]} if self.config.get("env") else None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c791249bfddc5343 Filesystem access.
pkgs/python/[email protected]/examples/fastmcp/icons_demo.py:14
icon_data = base64.standard_b64encode(icon_path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #cba8024791b45a42 Environment-variable access.
pkgs/python/[email protected]/examples/fastmcp/memory.py:52
PROFILE_DIR = (Path.home() / ".fastmcp" / os.environ.get("USER", "anon") / "memory").resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8a3af1328a43b503 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/completion_client.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #55ba9638d0deb0da Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/display_utilities.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6185f62684e1043b Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/stdio_client.py:19
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #88f4624718cad995 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/binary_resources.py:9
    with open("logo.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d8024ef59ae50367 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results.py:10
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ce0c423de53e3394 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/embedded_resource_results_binary.py:12
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #20c05c12bda7c698 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/prompt_embedded_resources.py:11
    file_content = open(filename).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #39dae971962d6556 Filesystem access.
pkgs/python/[email protected]/examples/snippets/servers/tool_errors.py:27
    with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a5230bab02071075 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:53
        code = file.read_text().rstrip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e9ac9865240295f5 Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:109
    content = doc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #da4b5ef52fb08f0a Filesystem access.
pkgs/python/[email protected]/scripts/update_doc_snippets.py:134
            doc_path.write_text(updated_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0454746a5f2822e0 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:24
        path = Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86c7f37a3113f92 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:77
            config_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf688db8cb71e985 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:88
        config = json.loads(config_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4765edb4a0711e53 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:135
        config_file.write_text(json.dumps(config, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33752b4bc788d3ff Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/cli.py:282
            env=dict(os.environ.items()),  # Convert to list of tuples for env update

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c403784b65d9ae5b Environment-variable access.
pkgs/python/[email protected]/src/mcp/client/stdio/__init__.py:59
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7220f3b6f8a529c9 Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:47
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffa8ba5392b0311d Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:94
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openhands-sdk

python dependency
high pii_flow dependency Excluded from app score #de1350022a27a6ea User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:130 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:129 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:130
        return httpx.Client(
            timeout=self.timeout,
            headers={
                "Authorization": f"Bearer {api_key_value}",
                "Content-Type": "application/json",
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 74 low-confidence finding(s)
low env_fs dependency Excluded from app score #bf571d1eaebc2495 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:114
_USAGE_UPDATE_TIMEOUT: float = float(os.environ.get("ACP_USAGE_UPDATE_TIMEOUT", "2.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #182f960b7f946f19 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:119
_ACP_PROMPT_MAX_RETRIES: int = int(os.environ.get("ACP_PROMPT_MAX_RETRIES", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2eb504e167b0f19 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:124
    os.environ.get("ACP_CANCEL_DRAIN_TIMEOUT", "2.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f04490f1260e8890 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:302
        data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #271cf26aae22ae9c Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/agent/acp_agent.py:2334
        env.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0902d0c0c2fe9c0e Filesystem access.
pkgs/python/[email protected]/openhands/sdk/agent/base.py:85
        with open(_SOUL_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f21319e02cbab8b Filesystem access.
pkgs/python/[email protected]/openhands/sdk/agent/base.py:397
        return (Path(self.prompt_dir) / filename).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #657890211a539ad4 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/banner.py:20
    suppress = os.environ.get("OPENHANDS_SUPPRESS_BANNER", "").lower() in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e73109d8a8bbe28d Filesystem access.
pkgs/python/[email protected]/openhands/sdk/context/prompts/prompt.py:36
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa5d3163f3daa1f Filesystem access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/local_conversation.py:576
            data = json.loads(base_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a81e40e923e9b4da Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/remote_conversation.py:1003
        ws_timeout = float(os.getenv("OPENHANDS_REMOTE_WS_READY_TIMEOUT", "30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee1587ca8c810f5e Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/remote_conversation.py:1005
            if os.getenv("OPENHANDS_REMOTE_WS_READY_REQUIRED", "true").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8fc80178bdc384d Filesystem access.
pkgs/python/[email protected]/openhands/sdk/conversation/impl/remote_conversation.py:1078
                with open(log_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79bd610c984a08e Filesystem access.
pkgs/python/[email protected]/openhands/sdk/critic/impl/api/chat_template.py:59
        with open(cache_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0be1936fed7de33 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/critic/impl/api/chat_template.py:75
        with open(cache_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db05babcfcafd3ee Filesystem access.
pkgs/python/[email protected]/openhands/sdk/extensions/installation/metadata.py:153
            return cls.model_validate_json(metadata_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75a6d0457861fdec Filesystem access.
pkgs/python/[email protected]/openhands/sdk/extensions/installation/metadata.py:162
        metadata_path.write_text(self.model_dump_json(indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acf1bca00988d7ac Filesystem access.
pkgs/python/[email protected]/openhands/sdk/git/git_diff.py:120
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #276937866b8c8e3d Filesystem access.
pkgs/python/[email protected]/openhands/sdk/hooks/config.py:302
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca9e055f7122b330 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/hooks/config.py:348
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d6d2a4ea47d9bd7 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/io/local.py:65
            with open(full_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #294293f6e42a630c Filesystem access.
pkgs/python/[email protected]/openhands/sdk/io/local.py:69
            with open(full_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b583b44e6061569 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/io/local.py:83
        with open(full_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df7739bad1c3b3a4 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/auth/credentials.py:86
            with open(creds_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8797cb5141ee6ca Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/auth/credentials.py:101
        with open(creds_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87f8eedf4ac3e86f Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/llm.py:2465
        if os.environ.get(ENV_ALLOW_SHORT_CONTEXT_WINDOWS, "").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4673e03d748cce3 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/llm.py:2987
        with open(json_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c9ee6d5e3217e0b Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/llm.py:3035
        for key, value in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f7dda3e633a37b Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/llm_profile_store.py:299
                    data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fed4dadbd693d6e9 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:43
    os.environ.get("OH_INLINE_IMAGE_MAX_MB", DEFAULT_MAX_IMAGE_DOWNLOAD_MB)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13f31990825c13cc Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:49
    os.environ.get("OH_INLINE_IMAGE_CACHE_BYTES", DEFAULT_CACHE_MAX_BYTES)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb991294c71a8e9d Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:55
    os.environ.get("OH_INLINE_IMAGE_FETCH_TIMEOUT_S", DEFAULT_FETCH_TIMEOUT_S)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b1496af32719c9b Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:62
_ALLOW_PRIVATE_HOSTS = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49313a3b2c66b071 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/image_inline.py:62
_ALLOW_PRIVATE_HOSTS = os.environ.get(
    "OH_INLINE_IMAGE_ALLOW_PRIVATE_HOSTS", ""
).lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc946fb3963533ad Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/telemetry.py:162
                with open(fname, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05271584bee2debf Filesystem access.
pkgs/python/[email protected]/openhands/sdk/llm/utils/telemetry.py:380
                with open(fname, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8566692e94fed43c Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:29
DEBUG = os.environ.get("DEBUG", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2895e27779300afc Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:30
ENV_LOG_LEVEL_STR = os.getenv("LOG_LEVEL", "INFO").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25f220884f228dc5 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:35
ENV_LOG_TO_FILE = os.getenv("LOG_TO_FILE", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #228612cb474b76e7 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:36
ENV_LOG_DIR = os.getenv("LOG_DIR", "logs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a5be56a5b0cfe0f Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:37
ENV_ROTATE_WHEN = os.getenv("LOG_ROTATE_WHEN", "midnight")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7a9821c7bd3405e Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:38
ENV_BACKUP_COUNT = int(os.getenv("LOG_BACKUP_COUNT", "7"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5716f99ec2fba213 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:41
ENV_JSON = os.getenv("LOG_JSON", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63ae9012331f1369 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:42
IN_CI = os.getenv("CI", "false").lower() in {"1", "true", "yes"} or bool(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bda87138b5a1450 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:43
    os.environ.get("GITHUB_ACTIONS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c038bdf465122bb Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:45
ENV_RICH_TRACEBACKS = os.getenv("LOG_RICH_TRACEBACKS", "true").lower() in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89309e7689fef6c3 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:52
ENV_AUTO_CONFIG = os.getenv("LOG_AUTO_CONFIG", "true").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d5bc2432ccc4553 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/logger/logger.py:53
ENV_DEBUG_LLM = os.getenv("DEBUG_LLM", "false").lower() in {"1", "true", "yes"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #836a5bd58d7813a4 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/marketplace/types.py:256
            with open(manifest_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec1a68f56eb0a457 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/observability/utils.py:10
    return os.getenv(key) or dotenv_values().get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83cda2e7e125e9b Filesystem access.
pkgs/python/[email protected]/openhands/sdk/plugin/plugin.py:353
            with open(manifest_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d0b479c447fe04a Filesystem access.
pkgs/python/[email protected]/openhands/sdk/plugin/types.py:300
        with open(command_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33f30b7704fff561 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:203
                data = json.loads(profile_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11b0d964a046d478 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:253
            data = json.loads(old_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39bcae9b2297e848 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:277
                data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40c7f87375f8e6e7 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/profiles/agent_profile_store.py:306
                    data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47bbf94900208260 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/secret/secrets.py:31
    base_url = os.getenv(_INTERNAL_SERVER_URL_ENV, _DEFAULT_INTERNAL_SERVER_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b75517a792ccd52a Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:96
        env_key = os.getenv("GRAYSWAN_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82bdc7def7299edd Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/security/grayswan/analyzer.py:106
        env_policy = os.getenv("GRAYSWAN_POLICY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6844210a679950d9 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:381
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c7c6771bcbad0b9 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:1092
            content = path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703d8ac07187b042 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:1124
PUBLIC_SKILLS_REF = os.environ.get("EXTENSIONS_REF", "main")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1654203f044756d5 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/skill.py:1177
        with open(marketplace_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1b8198bcb0d9402 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/skills/utils.py:98
        if check_env and var_name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b74ce1166702347 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/skills/utils.py:99
            return os.environ[var_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b529d2e616494ae9 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/skills/utils.py:245
        with open(mcp_json_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f76053fbf09d0764 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/subagent/schema.py:356
        with open(agent_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6635d3a9343db6d Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/utils/command.py:37
        base_env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87d4480e3ef4d740 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/utils/truncate.py:42
            file_path.write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4069951e0bdd6c75 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/base.py:297
        callback_url = os.environ.get("AUTOMATION_CALLBACK_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4ed63efe7cf25a2 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/base.py:301
        callback_api_key = os.environ.get("AUTOMATION_CALLBACK_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c724213c7d8652a1 Environment-variable access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/base.py:302
        run_id = os.environ.get("AUTOMATION_RUN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba54de2247eb4d7 Filesystem access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/remote_workspace_mixin.py:226
            with open(source, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af8efa1c248afb7d Filesystem access.
pkgs/python/[email protected]/openhands/sdk/workspace/remote/remote_workspace_mixin.py:299
            with open(destination, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

poetry

python dependency
high pii_flow dependency Excluded from app score #5a8d1c735e06bcf4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/python/[email protected]/src/poetry/utils/authenticator.py:200 · flow /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/poetry/utils/authenticator.py:197 → /tmp/closeopen-i2vetqb5/pkgs/python/[email protected]/src/poetry/utils/authenticator.py:200
        request = requests.Request(method, url, headers=headers, auth=auth)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #c34d981be299d340 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:245
        for env_key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bada91f49adf630 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:249
                    "url": os.environ[env_key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c7c15760830b11f Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:261
        for env_key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6cbe250660e9e08 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:263
                if not build_config_setting_validator(os.environ[env_key]):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a58a0aa7d3bbc334 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:269
                    build_config_setting_normalizer(os.environ[env_key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c3963838290b622 Environment-variable access.
pkgs/python/[email protected]/src/poetry/config/config.py:337
                env_value = os.getenv(env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f6196643471008c Filesystem access.
pkgs/python/[email protected]/src/poetry/inspection/info.py:249
            text = requires.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a45eebaee132ec4 Filesystem access.
pkgs/python/[email protected]/src/poetry/installation/executor.py:886
                url.write_text(json.dumps(url_reference), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd4cd55907d5237d Filesystem access.
pkgs/python/[email protected]/src/poetry/json/__init__.py:15
        (files(__package__) / "schemas" / "poetry.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e692cb6b5498d1ed Filesystem access.
pkgs/python/[email protected]/src/poetry/json/__init__.py:27
        (files("poetry.core") / "json" / "schemas" / "poetry-schema.json").read_text(
            encoding="utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50b919efe07c4d7e Environment-variable access.
pkgs/python/[email protected]/src/poetry/locations.py:16
    os.getenv("POETRY_CONFIG_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26c56812a004b1c5 Environment-variable access.
pkgs/python/[email protected]/src/poetry/locations.py:22
    if poetry_home := os.getenv("POETRY_HOME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01264d55a24f1bc8 Filesystem access.
pkgs/python/[email protected]/src/poetry/masonry/builders/editable.py:127
            pth_file = self._env.site_packages.write_text(
                pth_file, content, encoding=getencoding()
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b5f19fa86bcbd19 Filesystem access.
pkgs/python/[email protected]/src/poetry/masonry/builders/editable.py:238
        direct_url_json.write_text(
            json.dumps(
                {
                    "dir_info": {"editable": True},
                    "url": self._poetry.file.path.parent.absolute().as_uri(),
                }
            ),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5b343ec4d87d5d3 Filesystem access.
pkgs/python/[email protected]/src/poetry/packages/locker.py:273
            with open(self.lock, encoding="utf-8", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #678d4b078b6a7dcc Filesystem access.
pkgs/python/[email protected]/src/poetry/packages/locker.py:283
            with open(self.lock, "w", encoding="utf-8", newline="") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf6cc770dd9ac673 Filesystem access.
pkgs/python/[email protected]/src/poetry/plugins/plugin_manager.py:316
        self._gitignore_file.write_text("*", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a89516947a2cde31 Filesystem access.
pkgs/python/[email protected]/src/poetry/repositories/installed_repository.py:194
            path.joinpath("direct_url.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b490cf489bfb10 Environment-variable access.
pkgs/python/[email protected]/src/poetry/utils/constants.py:7
REQUESTS_TIMEOUT = int(os.getenv("POETRY_REQUESTS_TIMEOUT", 15))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a7f2d2ad83eecf6 Environment-variable access.
pkgs/python/[email protected]/src/poetry/utils/isolated_build.py:109
        path = os.environ.get("PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90c1ec59ae41af47 Environment-variable access.
pkgs/python/[email protected]/src/poetry/vcs/git/system.py:41
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lmnr

python dependency
medium telemetry dependency Excluded from app score #496c63592376672f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:4
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84c6627735c1159d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:5
from opentelemetry.sdk.resources import SERVICE_NAME

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #865711ee8ec50e82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #408ac546ae65b6c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:7
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a9042fcd9f3f0c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:6
from opentelemetry.trace import SpanKind, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ffa743dada3030d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:7
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eaf0afaf923167e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:3
from opentelemetry.sdk.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb8dc76b288ea95b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:4
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #480bc767517f3dbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab5d1838192dbc17 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:7
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #127240fcdcdc6181 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:8
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3ba64544a23d56b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:9
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c551f935b0593558 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:13
from opentelemetry.trace import Span, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9390cbe9a517ddd0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #923eaf9a606658dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/rollout.py:14
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #598621c09937ddcf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/span_utils.py:5
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f452eb1bc50cb266 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:3
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0969888a031bd5df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:9
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e5f7e38fceded15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #17565a4ec8cb280a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6df36f6bea6c4132 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #02dd5452543c5de1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:11
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #572da1091c3c1105 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:12
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7eef7c863e0e0d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:10
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5dd9e544d17477ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8b09290f3ae0888 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e821b80a35f618b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:11
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1622a2af5b1171cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:12
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ddcb4a77f911c705 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:9
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f18395f850aa19e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:10
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e54a436cd27de7c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:12
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #feb0c97a1fd290f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8eb0dc664be01083 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22ae3e54c21a034c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:7
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #043413feb4ee8d7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dabd1e6bc9c0273e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:9
from opentelemetry.trace import Status, StatusCode, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f48f085679e3b9ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:10
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1958784533c24e0c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:11
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85efb4030c14b4c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:12
from opentelemetry._logs import LogRecord, Logger, get_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0d665ce5bf0d38a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:13
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d762ecdde63169ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/deepagents/instrumentor.py:31
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #99f70b43f09eb653 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/deepagents/instrumentor.py:32
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6c4b6e28077ef8f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a6774b9482596238 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:11
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa6d7e39f16b3c22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:12
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8744d0abd7ab5a87 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:13
from opentelemetry.semconv._incubating.attributes import gen_ai_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f50b0c4f84c18d6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:14
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #daa8259dbf8476d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:15
from opentelemetry.trace import Span, Status, StatusCode, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #05df1bc0b157e578 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/utils.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7fc6affd0684039 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a946290db05731eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:22
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dccba6acd1f28d67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:23
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a0776d343b20870 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:24
from opentelemetry.trace import Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3fdf8fd72c28d013 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:25
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f4177bf7ac6be430 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/span_utils.py:9
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #343a75a6adfeccbb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a894a4b71e80a1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:13
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dac02163e7c96e9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:14
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #190b4e3b1bc4c652 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:16
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e00de9ebddc71b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:44
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c208da65e37a16b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:45
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #33b524db9cb75a20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langfuse/__init__.py:46
from opentelemetry.sdk.trace import TracerProvider as SdkTracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a69691d3ad6f9ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:12
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #924f5741a93f045e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:14
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e1135a31bf5389e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:15
from opentelemetry.context import get_value, attach, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #575bbb6e19d29b8f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:17
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef30f7f67b373e2c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:18
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1decb1f577d0dc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/utils.py:5
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dc00b41e60ff9cf6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/__init__.py:4
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7255af33f3e0eefa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f17c78463599bb87 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/__init__.py:15
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d1ff136a22d96c94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/streaming.py:4
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ce712cb9e390933 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8cefbed543a83f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/__init__.py:14
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2dbe1136c8fd89e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/streaming.py:3
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7be1794075e7e65d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/streaming.py:7
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #40ba0de88df9b314 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #085adbba65266d5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:12
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_FREQUENCY_PENALTY,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_PRESENCE_PENALTY,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_SYSTEM,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b00840da367ab860 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:25
from opentelemetry.semconv._incubating.attributes.openai_attributes import (
    OPENAI_RESPONSE_SYSTEM_FINGERPRINT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #872bece8701f7b95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:28
from opentelemetry.trace.propagation import set_span_in_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1de68e1aa53047c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:29
from opentelemetry.trace.propagation.tracecontext import TraceContextTextMapPropagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d9988ff70e337b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03b2e398d262fbba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:30
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4969e1219780c78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:31
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82b0b4c3a45942ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:32
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0744410a256c0523 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:33
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #907be6652b9370f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8fdb116998b8942 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:31
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6738b175fbd7fb20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:32
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #02a4f75539030a00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:33
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9286f854cb3260b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/config.py:3
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8843a18d2a754050 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9a2e5e0663e7b939 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:25
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa9b4a27e5e4da9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:26
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e30cec9cd32b930 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:27
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc46459e6877c49e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb323f4639d9aade Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:11
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb5bb5ec6b329c38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:3
from opentelemetry._events import get_event_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8e999f81465d675 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:4
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e41089c892cf6d56 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:19
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ce66abb59715ea8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:20
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10fac14fd1d3edd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bbcd28b01ee7dcbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:34
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9365c2919502fc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:35
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e8769fd2fc1195ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bb603b7b9bc2c970 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:5
from opentelemetry.trace import Span, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #05ec97e2ddaf4d03 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:18
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #740eabe83ffa7af5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:19
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #931fb953f34be0f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:20
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2170e354c8d0bd7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:26
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a499d0bae67e4809 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:3
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #274ae1088998f840 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:4
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d51c5b304e42872 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a85949e13415eb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:48
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7400cde74a75872 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:49
from opentelemetry.context import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #78f63df14502561f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:50
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bad1dc5ce054203e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:51
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_ID,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_MODEL,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ceda927fa9a8b85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:58
from opentelemetry.trace import SpanKind, Span, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa3447cf158a4bf6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/helpers.py:9
from opentelemetry.context import create_key

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a0668697b37702f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/instrumentor.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5bbe5f6fb9f5021f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/instrumentor.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a34faff41c118e02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/processor.py:10
from opentelemetry.context import get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d8f6a1cd8ad99366 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai_agents/span_data.py:7
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f78f5f011ed0129c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:1
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94a41e6a09b56199 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:2
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #381ecf1ac95000bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:3
from opentelemetry.trace import TraceFlags, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3384141456d6ae1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/pydantic_ai/__init__.py:30
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #491a282e79a77f4d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/pydantic_ai/__init__.py:31
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57eed986d83baecd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3381908bbe0cc436 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0cda547f41ebca0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/types.py:3
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d46a6773c2dc512 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:6
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c2622d44bcd7576 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:7
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0a77beda7c939796 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:8
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a38572193ecc269e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:5
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a0757d4f7ba8a37b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:6
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf23f5d48ed599e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:7
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a44de515559f9e33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/temporal/__init__.py:24
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50b4221e489b51f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/temporal/__init__.py:27
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc4135cad9dce705 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:59
from opentelemetry import context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a6d9ee6abcbbb96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:60
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #373245c2943233f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:61
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d8f9c546f1427206 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:5
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #afdd63a723238435 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:6
from opentelemetry._logs import set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e38ef576c6e51a92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:7
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64b07a3cb4401ef6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:8
from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #93ec4ae8472adf4a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:9
from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bdbc59f4aba1fd32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:10
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a155bf1c49616dfd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:11
from opentelemetry.sdk.trace import SpanProcessor, TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f84d49c59f12591 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:12
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7de742650f285ca5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3bcf92dbd97e4e54 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:27
        from opentelemetry.instrumentation.alephalpha import AlephAlphaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e13f6ae28524e4a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:49
        from opentelemetry.instrumentation.bedrock import BedrockInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c059a38530ae9e5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:120
        from opentelemetry.instrumentation.chromadb import ChromaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9572d6f90303bec5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:145
        from opentelemetry.instrumentation.cohere import CohereInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e501cc2439aa93df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:157
        from opentelemetry.instrumentation.crewai import CrewAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fdfe1cd1f6fdf38b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:235
        from opentelemetry.instrumentation.haystack import HaystackInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #592166044100c7eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:257
        from opentelemetry.instrumentation.lancedb import LanceInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e1baeb587e9a7cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:269
        from opentelemetry.instrumentation.langchain import LangchainInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #262957f1e6d8a80a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:352
        from opentelemetry.instrumentation.llamaindex import LlamaIndexInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae16fba04ea0f876 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:364
        from opentelemetry.instrumentation.marqo import MarqoInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #edc55f4b151ab3d0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:376
        from opentelemetry.instrumentation.mcp import McpInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aeb83bfd3650566f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:388
        from opentelemetry.instrumentation.milvus import MilvusInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d64d8dc571eb92b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:400
        from opentelemetry.instrumentation.mistralai import MistralAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7fd21e121b385d45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:412
        from opentelemetry.instrumentation.ollama import OllamaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #41c5de16194b2c6d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:470
        from opentelemetry.instrumentation.pinecone import PineconeInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cbfed627f080802 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:512
        from opentelemetry.instrumentation.qdrant import QdrantInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bea4d40c94650a49 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:524
        from opentelemetry.instrumentation.replicate import ReplicateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee84fd83649d32cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:536
        from opentelemetry.instrumentation.sagemaker import SageMakerInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #185c0c08615d0f01 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:568
        from opentelemetry.instrumentation.together import TogetherAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd52937ba5fd4074 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:581
        from opentelemetry.instrumentation.transformers import TransformersInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #983458edb8c78866 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:593
        from opentelemetry.instrumentation.vertexai import VertexAIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2200ab0ee9c9ecd9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:608
        from opentelemetry.instrumentation.watsonx import WatsonxInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aeb1216d39b705e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:620
        from opentelemetry.instrumentation.weaviate import WeaviateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22c4b102672b03ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/attributes.py:2
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_SYSTEM,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_ID,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e3ec38293f77c8aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/context.py:7
from opentelemetry.context import Context, Token, create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #acacd9a840d60867 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:6
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f32f592d9e504d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:7
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7c10c2d9bfad4ad3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:8
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce0f39206041533a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:9
from opentelemetry.sdk._logs.export import LogRecordExporter, LogRecordExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4bce81e0de371ab2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:10
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
    OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d1cde8b5aef3cf10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:13
from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d4f43b3e3a8a9bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:16
from opentelemetry.exporter.otlp.proto.http import Compression as HTTPCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cee12d0552dc7bd3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:17
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter as HTTPOTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26f770dca0ff4f6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:20
from opentelemetry.exporter.otlp.proto.http._log_exporter import (
    OTLPLogExporter as HTTPOTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef4763fca1fbd710 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:6
from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f6c3853b8a784f3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:15
    from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2987bee87b32eb15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:16
    from opentelemetry.sdk.trace import SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3eb985a3deb1cc33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:5
from opentelemetry.context import Context, get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e815061d3ba91ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:6
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #acec4ccf1a98a384 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:7
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    SimpleSpanProcessor,
    SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72af9da2cb780c6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:8
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1c4e0fddc02e186d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:9
from opentelemetry.sdk.trace import Event, ReadableSpan, Span as SDKSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7955a09896488b12 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:10
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationInfo,
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8215fd83f448df33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:14
from opentelemetry.trace import Link, Span, SpanContext, SpanKind, Status

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #701fc5f8eb989f0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:15
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8da041541c66ba07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:16
from opentelemetry.context import detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c327255408460dd0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:4
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3820147222b43989 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:5
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0ebc7f9e7882557 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/utils.py:1
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4df11318317c6acb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:12
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #98f74070e92468a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:13
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d1c9cce1578163d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:14
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b314fe81b87afdd2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #531b3e5ca450c5a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ac82536e326f808 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:8
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #421bc5590f5c6020 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:7
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f556a2cc6f77d835 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:8
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d281e89cbecb826 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:9
from opentelemetry.trace import NonRecordingSpan, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35f5df5e525ca51c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:9
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #56eb20836e3c47e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:10
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec2859787c47f5ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:11
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #965a2e3896601191 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:12
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b54ffe28cc7149b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:15
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cac3f026d45a5f9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:16
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d2bc52e29f4e635d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:17
from opentelemetry.trace import (
    get_tracer,
    Tracer,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a848c51d061c159a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e03a02e0bacc1f05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/debug/replay.py:17
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #151ba3f46764230c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:15
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a205ed5db21895ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:16
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9c413f3cd73eedc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:17
from opentelemetry.context import Context, get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #797af2fca084c59f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:18
from opentelemetry.sdk.trace.id_generator import RandomIdGenerator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd0e18be4ec1f884 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:19
from opentelemetry.trace import INVALID_TRACE_ID, Span, Status, StatusCode, use_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #80b93501fd227f22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:20
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #429b617e04582387 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/types.py:10
from opentelemetry.trace import SpanContext, TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 66 low-confidence finding(s)
low env_fs dependency Excluded from app score #4413fa668ae48676 Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/datasets.py:113
        output_path.write_text(_dump_json([item.model_dump() for item in data]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b74e154c9595ea29 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:33
        os.environ["LMNR_FRONTEND_PORT"] = str(args.frontend_port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f9604032e5683e2 Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:112
            with open(args.output_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0b669ca2f002a602 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:28
        with urllib.request.urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b8f0063e8577ade1 Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:32
        with open(target_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a294ac2a2fc7d32b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:27
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf9af23180c0637a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/proxy.py:32
        env_val = os.environ.get("LMNR_CC_PROXY_MAX_PORTS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b489b85be5cf19b0 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:40
        if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #098cab3dfe59f1f0 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:42
            snapshot[key] = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e830fbd50edf9817 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:58
            os.environ[key] = value if value is not None else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a2a96acaf1abb9e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:60
            os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c4ab2578cac830b Filesystem access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:106
        with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5889fecc84009ca Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:157
        return env_dict.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38129195e81c4fcc Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:252
        "ANTHROPIC_BASE_URL": os.environ.get("ANTHROPIC_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd88a08a517b7ba8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:253
        "ANTHROPIC_ORIGINAL_BASE_URL": os.environ.get("ANTHROPIC_ORIGINAL_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83bbd1784d0c2f8c Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:254
        "HTTP_PROXY": os.environ.get("HTTP_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dfb06bae1d1f7de Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:255
        "HTTPS_PROXY": os.environ.get("HTTPS_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #445ac6fa5ba4396f Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:260
    if "ANTHROPIC_ORIGINAL_BASE_URL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcb9bb26a9b768de Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:263
            os.environ["ANTHROPIC_ORIGINAL_BASE_URL"] = target

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a89e98c95a4d8f02 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:267
    os.environ["ANTHROPIC_BASE_URL"] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7573679774b499dd Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:271
        os.environ.pop(proxy_var, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #063464ff3f018db8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:274
    if is_truthy_env(os.environ.get(FOUNDRY_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #953dc822d6760602 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:275
        snapshot[FOUNDRY_BASE_URL_ENV] = os.environ.get(FOUNDRY_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0364008d4f51e91b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:276
        snapshot[FOUNDRY_RESOURCE_ENV] = os.environ.get(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #753c3b0f4edd4acb Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:278
        os.environ[FOUNDRY_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13b1d7704ec45c1c Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:279
        os.environ.pop(FOUNDRY_RESOURCE_ENV, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b71316da5e3def2 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:282
    if is_truthy_env(os.environ.get(BEDROCK_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25b4cad9bfb1d0b8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:283
        snapshot[BEDROCK_BASE_URL_ENV] = os.environ.get(BEDROCK_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcdd145771d456fe Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:284
        os.environ[BEDROCK_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc4dd43641ede4ad Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:287
    if is_truthy_env(os.environ.get(VERTEX_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #225ab22edad351e4 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:288
        snapshot[VERTEX_BASE_URL_ENV] = os.environ.get(VERTEX_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30fd07d24c0b0b1e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:289
        os.environ[VERTEX_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2a08d2e43591d1e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:216
            if FOUNDRY_RESOURCE_ENV in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1eed69ec784aee1 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:217
                original_env[FOUNDRY_RESOURCE_ENV] = os.environ[FOUNDRY_RESOURCE_ENV]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9be08d2fbf2fe486 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:219
                os.environ.pop(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75ba752f5aae7e0b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:223
                if proxy_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49dfcaaf1167bda4 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:224
                    original_env[proxy_var] = os.environ[proxy_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b3551e2c8c611eb Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:226
                    os.environ.pop(proxy_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #429208c8b914552d Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:406
        return options.env.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71f6e0249f5f2f2c Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:85
        os.getenv("LAMINAR_TRACE_CONTENT") or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13941f1f252c0b2e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:21
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96708fe1dec8ca0b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:142
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da9ab909fe73713b Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:58
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #734b04d32590338d Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:61
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #647fe285ef81bcde Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:129
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fefc0fdcb1a6a70 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:132
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a7f4eb8ab5b346f Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:47
        result = orjson.loads(file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #567659ce12a28f53 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:53
        return [dict(row) for row in csv.DictReader(file.read_text().splitlines())]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62e54e7851b83d29 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:56
            orjson.loads(line) for line in file.read_text().splitlines() if line.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee8f495bf67089b9 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:140
    if not _is_truthy(os.environ.get("LMNR_DEBUG")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b33457404ed1a23 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:151
        os.environ.get("LMNR_DEBUG_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19059a6e8ceca322 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:162
        os.environ.get("LMNR_DEBUG_REPLAY_TRACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c07aa3538ddf21b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/config.py:166
    cache_until_value = os.environ.get("LMNR_DEBUG_CACHE_UNTIL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a48de68f640c023 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/debug_session_file.py:51
        with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b09df92775b64cd8 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/debug/debug_session_file.py:116
        with open(
            os.path.join(target_dir, DEBUG_SESSION_FILE), "w", encoding="utf-8"
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ae60033c68c0dfe Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:345
        if env_metadata_str := os.getenv("LMNR_TRACE_METADATA"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7326434d882b8484 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:352
        if not os.getenv("OTEL_ATTRIBUTE_COUNT_LIMIT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c374241a8ee388d Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:355
            os.environ["OTEL_ATTRIBUTE_COUNT_LIMIT"] = "10000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #665424b0846b0939 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:366
            os.environ.get("LMNR_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24ad823a5eba2400 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:409
        env_context = os.getenv("LMNR_SPAN_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4017a3c4bb34b1 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:524
            if not _is_truthy(os.environ.get("LMNR_DEBUG")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9036c38a9d7c695e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:561
            debugger_url = os.getenv("LMNR_FRONTEND_URL") or get_frontend_url(base_url)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d59f4f2c7060c4a4 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:705
            debugger_url = os.getenv("LMNR_FRONTEND_URL") or get_frontend_url(base_url)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e82c7a79ae4cfb0 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/log.py:70
    if val := os.getenv("LMNR_LOG_LEVEL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #307c7995e8c175d6 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/utils.py:124
    if val := os.getenv(key):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3a2b56cf3f74bcb5 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/version.py:23
        response = httpx.get("https://pypi.org/pypi/lmnr/json")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

posthog

python dependency
medium telemetry dependency Excluded from app score #11a27f5f49a9885b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:6
from posthog.args import (
    ID_TYPES as ID_TYPES,
    ExceptionArg,
    OptionalCaptureArgs,
    OptionalSetArgs,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #54583f54ff871786 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:12
from posthog.capture_compression import CaptureCompression as CaptureCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cfa12e97b4f8cc64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:13
from posthog.capture_mode import CaptureMode as CaptureMode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #145f32cb2d2d5911 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:14
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5992154967179cc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:15
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d21823109bc74e93 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:16
from posthog.contexts import (
    identify_context as inner_identify_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b4fd9a103bc5d48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:19
from posthog.contexts import (
    new_context as inner_new_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95a4515c16cb5940 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:22
from posthog.contexts import (
    scoped as inner_scoped,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83ecfb67f92df117 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:25
from posthog.contexts import (
    set_capture_exception_code_variables_context as inner_set_capture_exception_code_variables_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c3964eb5113b799 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:28
from posthog.contexts import (
    set_code_variables_ignore_patterns_context as inner_set_code_variables_ignore_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3007cc2afb080a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:31
from posthog.contexts import (
    set_code_variables_mask_patterns_context as inner_set_code_variables_mask_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d0a43d22a56380a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:34
from posthog.contexts import (
    set_code_variables_mask_url_credentials_context as inner_set_code_variables_mask_url_credentials_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b223af14f5dc2911 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:37
from posthog.contexts import (
    set_code_variables_detect_secrets_context as inner_set_code_variables_detect_secrets_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #635148ab6e397f19 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:40
from posthog.contexts import (
    set_context_device_id as inner_set_context_device_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #07cc45bec50abd8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:43
from posthog.contexts import (
    set_context_session as inner_set_context_session,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7d56580d3e6b2aae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:46
from posthog.contexts import (
    tag as inner_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b97d9887fd2defb6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:49
from posthog.contexts import (
    get_tags as inner_get_tags,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7f6de0ee20cbda8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:52
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_DETECT_SECRETS,
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_URL_CREDENTIALS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #34960585b8c631ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:58
from posthog.feature_flag_evaluations import (
    FeatureFlagEvaluations as FeatureFlagEvaluations,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c3d94020459a3d43 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:61
from posthog.feature_flags import (
    InconclusiveMatchError as InconclusiveMatchError,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50ab408e44f6f1ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:64
from posthog.feature_flags import (
    RequiresServerEvaluation as RequiresServerEvaluation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #659648742ac07584 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:67
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData as FlagDefinitionCacheData,
    FlagDefinitionCacheProvider as FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6fbae724c223fe9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:71
from posthog.request import (
    disable_connection_reuse as disable_connection_reuse,
    enable_keep_alive as enable_keep_alive,
    set_socket_options as set_socket_options,
    SocketOptions as SocketOptions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ebf73339ec2368b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:77
from posthog.types import (
    BeforeSendCallback as BeforeSendCallback,
    FeatureFlag as FeatureFlag,
    FlagValue as FlagValue,
    FlagsAndPayloads as FlagsAndPayloads,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a14b63140bd19fce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:83
from posthog.types import (
    FeatureFlagResult as FeatureFlagResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf145cace3362cf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:86
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #66c01c46daca73b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/__init__.py:1
from posthog.ai.prompts import PromptResult, PromptSource, Prompts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f8e3a13b817fe83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:13
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d97f146642a19095 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a6b34afcde6f8778 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:18
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5fe54d395ab843e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:25
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72c4d5a23ba8c753 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:26
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a5ebc1d7b7e14617 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0ab3d6e83b95d83b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:244
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aec214d266e98a03 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:245
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7eadf4142790332b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:249
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #487e0b60838fbdd0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #362a8f634fd5e64e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:14
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa3f27782b8de043 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:15
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #099b0ad3b1ec5a3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:16
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e458be57c9256bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:20
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #293920a151b68239 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:27
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7c2318cd7ed6f60e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:28
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd1adfe30e429ebf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:245
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d83a85fb68deef1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:246
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c439010e37758bba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:250
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e158143dc58ed42e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedMessage,
    FormattedTextContent,
    StreamingContentBlock,
    TokenUsage,
    ToolInProgress,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b590d183d936a8a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:20
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db033b334a2ac9c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:435
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6325ab736304c994 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:10
from posthog.ai.anthropic.anthropic import WrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e49b101823ed0d0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:11
from posthog.ai.anthropic.anthropic_async import AsyncWrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57102f9ddf53af03 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:12
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46a1a8cd627da1ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10750b7ab67f3699 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:9
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c0abe98d46bc5aaf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:18
from posthog.ai.claude_agent_sdk.client import PostHogClaudeSDKClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2b4e63721d91c138 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/__init__.py:19
from posthog.ai.claude_agent_sdk.processor import PostHogClaudeAgentProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bb5667822da78453 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/client.py:26
from posthog.ai.claude_agent_sdk.processor import (
    PostHogClaudeAgentProcessor,
    _GenerationTracker,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b782b5a29aee9ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/client.py:30
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #090530c79388977e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/processor.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6cde2d439c5d47e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/claude_agent_sdk/processor.py:28
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #93ffd89cdd179990 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:6
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9c519e5ee1a3d946 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:7
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #201a86b487a5d737 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:16
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf7f56b66ec17b11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:17
from posthog.ai.utils import (
    call_llm_and_track_usage,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0b5e5de400b51e46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:22
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_embedding_token_count,
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    extract_gemini_stop_reason_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d4c1f56cd91a727 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:29
from posthog.ai.utils import with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43561deb46e42465 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:30
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c51e001f2f4c2dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:31
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3ca2dd0dbd9b375 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:6
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca4d495de40ad0df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:7
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d7988e16d2ff5a42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:8
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1010ea1f167e1381 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:17
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d4981004cf7dd021 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:18
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0a04732241749f65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:23
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_embedding_token_count,
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    extract_gemini_stop_reason_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a849c021dfac09ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:30
from posthog.ai.utils import with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7dec66d5253b5bab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:31
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d92fdb88474dbc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:32
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a64e1a79d1ba1948 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:10
from posthog.ai.types import (
    FormattedContentItem,
    FormattedMessage,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e512e9c9b5bde924 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:15
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d13c4e441e689da7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:370
            from posthog.ai.types import FormattedMessage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0b749b5796337c72 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:44
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3eba21443daab76a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:45
from posthog.ai.gateway import warn_if_posthog_ai_gateway

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #003973ac90028bda Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:46
from posthog.ai.sanitization import sanitize_langchain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c6d99746345a625f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:47
from posthog.ai.utils import get_model_params, with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0516ad27adbc065c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:48
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3685c96667337ce4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:5
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #398fa05cf5ad136c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    extract_available_tool_calls,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e61143fa04abc97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:20
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4718c68284c0b4f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:26
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e27e738f2acdccba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:27
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0e548977c56f0b55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:28
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #441f014d8d668f19 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:29
from posthog.ai.openai.wrapper_utils import _OpenAIWrapperResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3613023781d3394 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:238
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8986f99c4d7a0009 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:239
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba3e690cadf05c39 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:243
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #06c5fade8b0737be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:507
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3a2e2530b64f8dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:508
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b6f8ed3166ee8c9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:512
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d0ce5f57eaa95d9c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:5
from posthog.ai.stream import AsyncStreamWrapper

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef565768ccf1640a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:6
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5f6cab5e2e1aa7c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:15
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d10f695e7343f0d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:16
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    extract_available_tool_calls,
    get_model_params,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8ac3c707ddc4bf11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:23
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,
    format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e644f1b43ba826c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:30
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45571c223241d1ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:31
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb4feb91f012f694 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:32
from posthog.ai.openai.wrapper_utils import _OpenAIWrapperResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #12b669820cc8fea3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedImageContent,
    FormattedMessage,
    FormattedTextContent,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #68fd95f0a74f530b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:19
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86d8f936d27f7c03 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:769
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b31a1be03f724d87 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:8
from posthog.ai.openai.openai import (
    WrappedBeta,
    WrappedChat,
    WrappedEmbeddings,
    WrappedResponses,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #505363da0f4ea88b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:14
from posthog.ai.openai.openai_async import WrappedBeta as AsyncWrappedBeta

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0a59d4428610ffc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:15
from posthog.ai.openai.openai_async import WrappedChat as AsyncWrappedChat

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a670eeade3a7c410 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:16
from posthog.ai.openai.openai_async import WrappedEmbeddings as AsyncWrappedEmbeddings

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a86dcf1914967ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:17
from posthog.ai.openai.openai_async import WrappedResponses as AsyncWrappedResponses

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5d0b5e2b8adfac26 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:20
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8dcd122d183ba2f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:21
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a43488f6ddc75de9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:8
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85781687c0347c84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:17
from posthog.ai.openai_agents.processor import PostHogTracingProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7281625f0518828 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:23
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f5a65753cdd14475 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:24
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f0d8ed70cf6593e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:29
from posthog.ai.otel.exporter import PostHogTraceExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d64e4feaa38c94a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:30
from posthog.ai.otel.processor import PostHogSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50f533b92b082cb7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/__init__.py:31
from posthog.ai.otel.spans import is_ai_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #941d46b627a86c80 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:10
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #636ea21837ccb4dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:11
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c71ccfc939502e9a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/exporter.py:12
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #734a9ae983fbbd15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:10
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d99a3362742f582 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:11
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1186ecf587a36c1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:12
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6341d5c4ec7e0ce8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/processor.py:13
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #069e230512ac9704 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/otel/spans.py:6
    from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c64f63ce35aee336 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:15
from posthog.request import USER_AGENT, _get_session

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbccc5edc3d9ef51 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:16
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a359d3f89e73cb4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:5
from posthog import get_tags, identify_context, new_context, tag, contexts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8e251c9529a92bd6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:6
from posthog.ai.gateway import warn_if_posthog_ai_gateway

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8fdc7fa21a376a68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:7
from posthog.ai.sanitization import (
    sanitize_anthropic,
    sanitize_gemini,
    sanitize_langchain,
    sanitize_openai,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03dda59c77a75013 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:13
from posthog.ai.types import FormattedMessage, StreamingEventData, TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6dfe3f91f1174dc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:14
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c006479f32593df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:197
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50ec767baa30000b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:203
        from posthog.ai.openai.openai_converter import (
            extract_openai_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22b8198d7e52b083 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:209
        from posthog.ai.gemini.gemini_converter import (
            extract_gemini_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00f7a0a3a09045a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:223
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46fd95e852e9220b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:227
        from posthog.ai.openai.openai_converter import format_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39088fb5c04b11bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:231
        from posthog.ai.gemini.gemini_converter import format_gemini_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ff9fb1cf6db83c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:240
        from posthog.ai.openai.openai_converter import extract_openai_stop_reason

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c05fe10fefecafd9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:244
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_stop_reason,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #412b83c174d13b4c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:250
        from posthog.ai.gemini.gemini_converter import extract_gemini_stop_reason

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #13e9b40e3de30ddd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:261
        from posthog.ai.anthropic.anthropic_converter import extract_anthropic_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86f45897a7f612c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:265
        from posthog.ai.gemini.gemini_converter import extract_gemini_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b128e7250bbb7f27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:269
        from posthog.ai.openai.openai_converter import extract_openai_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e5b1d255a42afc7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:282
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0f3b38a3f236b555 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:288
        from posthog.ai.gemini.gemini_converter import format_gemini_input_with_system

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #843fd60f8ef3cafc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:294
        from posthog.ai.openai.openai_converter import format_openai_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #944ac88f8deb6823 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:8
from posthog.types import SendFeatureFlagsOptions

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ac51c648a90c55bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:11
    from posthog.feature_flag_evaluations import FeatureFlagEvaluations

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8deffdf866b7ddb8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:48
from posthog.capture_compression import CaptureCompression, _zstandard

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #56c29900bd8c9052 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:49
from posthog.request import (
    DatetimeSerializer,
    USER_AGENT,
    APIError,
    _get_session,
    normalize_host,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b6c6034f4a92758a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/capture_v1.py:56
from posthog.utils import guess_timezone as _guess_timezone, remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5d052722f8ef319 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:17
from posthog._async_utils import _BackgroundEventLoopRunner

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35f37ddeadb66f3c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:18
from posthog.args import ID_TYPES, ExceptionArg, OptionalCaptureArgs, OptionalSetArgs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7cd5e2688c0aa3b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:19
from posthog.capture_compression import (
    CaptureCompression,
    _resolve_capture_compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4101b858176598c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:23
from posthog.capture_mode import CaptureMode, _resolve_capture_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e2b7776a8fe825b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:24
from posthog.capture_v1 import _send_v1_batch

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2cdcd05c7b587db7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:25
from posthog.consumer import Consumer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8f9caa872701f47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:26
from posthog.contexts import (
    _get_current_context,
    get_capture_exception_code_variables_context,
    get_code_variables_detect_secrets_context,
    get_code_variables_ignore_patterns_context,
    get_code_variables_mask_patterns_context,
    get_code_variables_mask_url_credentials_context,
    get_context_device_id,
    get_context_distinct_id,
    get_context_session_id,
    get_tags as _context_get_tags,
    identify_context as _context_identify_context,
    _scoped as _context_scoped,
    new_context,
    set_context_device_id as _context_set_context_device_id,
    set_context_session as _context_set_context_session,
    tag as _context_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8016e1f61c6aae38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:44
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eadcb52ca86b0a86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:45
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #272f757eb243e2b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:46
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_DETECT_SECRETS,
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_URL_CREDENTIALS,
    exc_info_from_error,
    exception_is_already_captured,
    exceptions_from_error_tuple,
    handle_in_app,
    mark_exception_as_captured,
    try_attach_code_variables_to_frames,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #44992fe8ea0d4868 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:58
from posthog.feature_flag_evaluations import (
    FeatureFlagEvaluations,
    _EvaluatedFlagRecord,
    _FeatureFlagEvaluationsHost,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #090e483a75d83a35 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:63
from posthog.feature_flags import (
    InconclusiveMatchError,
    RequiresServerEvaluation,
    match_feature_flag_properties,
    resolve_bucketing_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5069714e98c89e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:69
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData,
    FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db65427fc852a485 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:73
from posthog.poller import Poller

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6754b8b0638424b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:74
from posthog.request import (
    AI_EVENTS_ENDPOINT,
    EVENTS_ENDPOINT,
    APIError,
    QuotaLimitError,
    RequestsConnectionError,
    RequestsTimeout,
    batch_post,
    determine_server_host,
    flags,
    get,
    is_ai_event,
    normalize_host,
    remote_config,
    reset_sessions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7da5fbb78fc9b84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:90
from posthog.types import (
    FeatureFlag,
    FeatureFlagError,
    FeatureFlagResult,
    FlagMetadata,
    FlagsAndPayloads,
    FlagsResponse,
    FlagValue,
    SendFeatureFlagsOptions,
    normalize_flags_response,
    to_flags_and_payloads,
    to_payloads,
    to_values,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #762228e967d016a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:104
from posthog.utils import (
    FlagCache,
    RedisFlagCache,
    SizeLimitedDict,
    clean,
    guess_timezone,
    system_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #967724f5046f1258 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:112
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #52c4fc46be4fadd7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:7
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #993ba539e97562b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:8
from posthog.capture_compression import CaptureCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a0006ca774ec4bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:9
from posthog.capture_mode import CaptureMode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9887d2ed9c841426 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:10
from posthog.capture_v1 import _send_v1_batch

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f6acf081dbde21bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:11
from posthog.request import (
    AI_EVENTS_ENDPOINT,
    EVENTS_ENDPOINT,
    APIError,
    DatetimeSerializer,
    batch_post,
    is_ai_event,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8e9d8d9b5d7c58c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/contexts.py:7
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #04241b3c08d3ff2f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:12
from posthog.bucketed_rate_limiter import BucketedRateLimiter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48df50c99c1e72e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:13
from posthog.exception_utils import walk_exception_chain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2176f481f3f4df04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:16
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb8822d7a04ae543 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_utils.py:37
from posthog.args import ExceptionArg, ExcInfo  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #131c5b32324627a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flag_evaluations.py:11
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a20f23988b4622c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:10
from posthog import utils

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a6787ca4cacc60ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:11
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8efd66f5d13c0ae3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:12
from posthog.utils import convert_to_datetime_aware, is_valid_regex

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9566c8d53308f70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:468
            from posthog import capture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0acb5ae61be9606e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:470
            capture(event, properties=properties)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #210495167c5354f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/celery.py:476
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a8ba1da3f588513 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:366
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf766e455bf676b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/__init__.py:29
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a5390ef47ede71a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/__init__.py:126
        from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a4563823f34ed6f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/_exceptions.py:15
from posthog.exception_utils import exceptions_from_error_tuple

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff43a9155657ec62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/_sink.py:20
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7930efffe78bcae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/mcp/posthog_mcp.py:17
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #39d5948eebfb9fa7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:18
from posthog._logging import _configure_posthog_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b6719d7a99d0948b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:19
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3700ae2d4f981d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:20
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #91cd98df37a410e3 Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:190
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad74b9efcd3f1c0d Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:191
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c3cfb50d1105b79 Environment-variable access.
pkgs/python/[email protected]/posthog/ai/sanitization.py:11
    return os.environ.get("_INTERNAL_LLMA_MULTIMODAL", "").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #077b467f42fbc0ea Environment-variable access.
pkgs/python/[email protected]/posthog/capture_compression.py:105
    raw = os.environ.get(CAPTURE_COMPRESSION_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d4115c89ff4364 Environment-variable access.
pkgs/python/[email protected]/posthog/capture_mode.py:70
    raw = os.environ.get(CAPTURE_MODE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-api

python dependency
medium telemetry dependency Excluded from app score #57198360892f3fd2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:22
from opentelemetry._logs import LogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4523aa2a2e97baac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:23
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7eff1d0f3d3632b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:24
from opentelemetry.environment_variables import (
    _OTEL_PYTHON_EVENT_LOGGER_PROVIDER,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8fd1a8ce95e765d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:27
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #276b5e2704e089d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:28
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3645b5c1bbc1fbb7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:29
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37f8803f5bd9d32d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:30
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3546490ddea384f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:36
from opentelemetry._logs._internal import (
    Logger,
    LoggerProvider,
    LogRecord,
    NoOpLogger,
    NoOpLoggerProvider,
    get_logger,
    get_logger_provider,
    set_logger_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a4b0ca5e7675760f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/__init__.py:46
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32db478bdf1351c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:46
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d07d55519a4893e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:47
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9a54794aff7fcfb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:48
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28122204405205ba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:49
from opentelemetry.environment_variables import _OTEL_PYTHON_LOGGER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #94c8a0b703fd00a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:50
from opentelemetry.trace import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d7ca734f23511f0a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:51
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e45e621d82ffdb9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:52
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #728ceb0effce7bd5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:53
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c8d52a18374445b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:54
from opentelemetry.util.types import AnyValue, _ExtendedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d2bf8ce8420c37e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/attributes/__init__.py:21
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7fa5096afe56fe5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:20
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #038b70d4a56c8a7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:21
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aaf106a2416e57ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/__init__.py:22
from opentelemetry.util.re import (
    _BAGGAGE_PROPERTY_FORMAT,
    _KEY_FORMAT,
    _VALUE_FORMAT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97b30b1d96792efe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:20
from opentelemetry.baggage import _is_valid_pair, get_all, set_baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b59b1a1371e755d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:21
from opentelemetry.context import get_current

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2b10ea660eb9b732 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:22
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3c3876a40be9eca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:23
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b1008aa40a65bb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/baggage/propagation/__init__.py:24
from opentelemetry.util.re import _DELIMITER_PATTERN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #80471b8196e4e0b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:24
from opentelemetry.context.context import Context, _RuntimeContext  # noqa

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #802c797fccdfc935 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:25
from opentelemetry.environment_variables import OTEL_PYTHON_CONTEXT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f0fbabcac1d88a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:26
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f793530b3862861b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/context/contextvars_context.py:19
from opentelemetry.context.context import Context, _RuntimeContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e54bbcfa64f305f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:42
from opentelemetry.metrics._internal import (
    Meter,
    MeterProvider,
    NoOpMeter,
    NoOpMeterProvider,
    get_meter,
    get_meter_provider,
    set_meter_provider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a2d466e101ffde9a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:51
from opentelemetry.metrics._internal.instrument import (
    Asynchronous,
    CallbackOptions,
    CallbackT,
    Counter,
    Histogram,
    Instrument,
    NoOpCounter,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    Synchronous,
    UpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6c5e91e5d4c63903 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:70
from opentelemetry.metrics._internal.instrument import Gauge as _Gauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86bc93095b4af19e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:71
from opentelemetry.metrics._internal.instrument import NoOpGauge as _NoOpGauge

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43b81554e962d946 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/__init__.py:72
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d769de61962010de Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:51
from opentelemetry.environment_variables import OTEL_PYTHON_METER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10e64b95cfaa3474 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:52
from opentelemetry.metrics._internal.instrument import (
    CallbackT,
    Counter,
    Gauge,
    Histogram,
    NoOpCounter,
    NoOpGauge,
    NoOpHistogram,
    NoOpObservableCounter,
    NoOpObservableGauge,
    NoOpObservableUpDownCounter,
    NoOpUpDownCounter,
    ObservableCounter,
    ObservableGauge,
    ObservableUpDownCounter,
    UpDownCounter,
    _MetricsHistogramAdvisory,
    _ProxyCounter,
    _ProxyGauge,
    _ProxyHistogram,
    _ProxyObservableCounter,
    _ProxyObservableGauge,
    _ProxyObservableUpDownCounter,
    _ProxyUpDownCounter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8e968ef388aa85e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:77
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ac4141e4a960903 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:78
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #33e10ab7c02fbc71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:79
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79f84101fa9ccb8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:35
from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f78af14c814b0157 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:36
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #adf305567f3db6ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:37
from opentelemetry.metrics._internal.observation import Observation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0f80133a9a58928 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/instrument.py:38
from opentelemetry.util.types import (
    Attributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b23877763b971be4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:17
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4657215c0741f52a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/observation.py:18
from opentelemetry.util.types import Attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5b65ec8c2428313 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:75
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5fb7ff5c15f5fa27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:76
from opentelemetry.environment_variables import OTEL_PROPAGATORS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fda3579bd1530931 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:77
from opentelemetry.propagators import composite, textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d4f6b927226fb2ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:78
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f71012de3f3d406e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:19
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22c36de938c9c997 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/composite.py:20
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0399397799da9771 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/propagators/textmap.py:18
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d77168519b9dbe6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:85
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7d7bee9d45054206 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:86
from opentelemetry.attributes import BoundedAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dab2774b27f74150 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:87
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #674d2e88053eb01f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:88
from opentelemetry.environment_variables import OTEL_PYTHON_TRACER_PROVIDER

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a1d8d993fb8122e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:89
from opentelemetry.trace.propagation import (
    _SPAN_KEY,
    get_current_span,
    set_span_in_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1e82f3be888917b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:94
from opentelemetry.trace.span import (
    DEFAULT_TRACE_OPTIONS,
    DEFAULT_TRACE_STATE,
    INVALID_SPAN,
    INVALID_SPAN_CONTEXT,
    INVALID_SPAN_ID,
    INVALID_TRACE_ID,
    NonRecordingSpan,
    Span,
    SpanContext,
    TraceFlags,
    TraceState,
    format_span_id,
    format_trace_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #71a681fd5312cf19 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:109
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #87d6859f78246953 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:110
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d951d451d042cf7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:111
from opentelemetry.util._decorator import _agnosticcontextmanager

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e17a8b4f5dea0bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:112
from opentelemetry.util._once import Once

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #316a29774e8e15ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:113
from opentelemetry.util._providers import _load_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df4a4d8130250fec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:16
from opentelemetry.context import create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b2b78f33a62a9860 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:17
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #212f4390d3d9a0db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/__init__.py:18
from opentelemetry.trace.span import INVALID_SPAN, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9e206bdea225f78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:18
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7fd7170156c0aa29 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:19
from opentelemetry.context.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #07239d33b246ab82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:20
from opentelemetry.propagators import textmap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3608d15160e7d259 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:21
from opentelemetry.trace import format_span_id, format_trace_id

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab1004b68cf187d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/propagation/tracecontext.py:22
from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35740066c7535cbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:8
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0c3df4c37037a69b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/trace/span.py:9
from opentelemetry.util import types

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #37e75d326bcb2f50 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:19
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3788af2c31e0a1fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:22
    from opentelemetry.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #064ead9dd8ffd12d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:23
    from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #18f94465c5d47daa Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_events/__init__.py:211
        if _OTEL_PYTHON_EVENT_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4229ea7d7ee6b64 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/_logs/_internal/__init__.py:395
        if _OTEL_PYTHON_LOGGER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20841439ef177c68 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/context/__init__.py:43
    configured_context = environ.get(OTEL_PYTHON_CONTEXT, default_context)  # type: str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e87b1c00b85b506 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/metrics/_internal/__init__.py:880
        if OTEL_PYTHON_METER_PROVIDER not in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #472806b9f77b76de Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:127
environ_propagators = environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31c17c56b4fce8b6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/propagate/__init__.py:127
environ_propagators = environ.get(
    OTEL_PROPAGATORS,
    "tracecontext,baggage",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be14372de9117df7 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/trace/__init__.py:554
        if OTEL_PYTHON_TRACER_PROVIDER not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41dc010300efcb93 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/util/_providers.py:36
            environ.get(provider_environment_variable, f"default_{provider}"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ddtrace

python dependency
medium telemetry dependency Excluded from app score #b385ca1fdb4abcbb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/bootstrap/preload.py:71
        from opentelemetry.trace import set_tracer_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f93a86508fbe4ed9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/openfeature/_flageval_metrics.py:69
            from opentelemetry import metrics as otel_metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #314e5b7192f14c31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:23
        from opentelemetry.baggage import get_all

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #80f3cefb1ed04e62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:24
        from opentelemetry.trace import INVALID_SPAN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4b2ab302fb82634 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:25
        from opentelemetry.trace import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72fa68f40b89a1f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:59
        from opentelemetry.baggage import set_baggage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a0bdbec11b2f1cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:60
        from opentelemetry.context.context import Context as OtelContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #178b385647747cdb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:61
        from opentelemetry.trace import NonRecordingSpan as OtelNonRecordingSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9816e6428935860c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:62
        from opentelemetry.trace import SpanContext as OtelSpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f2e2bacea3d2a979 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:63
        from opentelemetry.trace import set_span_in_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5ca1978bad44629d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/context.py:64
        from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90bef560418a42cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:4
import opentelemetry.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82f072791c26ffb6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:63
        from opentelemetry._logs._internal import _LOGGER_PROVIDER as logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d856dacc3f2b6d7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:84
        from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e19b95a9752e131a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:136
            from opentelemetry.exporter.otlp.proto.grpc._log_exporter import OTLPLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dfd50ea1c4f713fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:137
            from opentelemetry.exporter.otlp.proto.grpc.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #11b9c8ca4d87cb6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:139
            from opentelemetry.exporter.otlp.proto.http._log_exporter import OTLPLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7c3f3726b2cd90ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:140
            from opentelemetry.exporter.otlp.proto.http.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0f668a82752fa7ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/logs.py:174
        from opentelemetry.sdk._configuration import _init_logging

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e14f7078c9ae6183 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:4
import opentelemetry.version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bbe4fd27895edaf5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:60
        from opentelemetry.metrics._internal import _METER_PROVIDER as meter_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2c0eee3060c658e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:80
        from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #deb6596863171926 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:144
            from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import OTLPMetricExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2650879865c767d8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:145
            from opentelemetry.exporter.otlp.proto.grpc.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6802e09ea7ccf5e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:147
            from opentelemetry.exporter.otlp.proto.http.metric_exporter import OTLPMetricExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8aef0dde0827533d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:148
            from opentelemetry.exporter.otlp.proto.http.version import __version__ as exporter_version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #86cc39dd47d72be8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/metrics.py:183
        from opentelemetry.sdk._configuration import _init_metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d5c9818a1545b11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:5
from opentelemetry.trace import Span as OtelSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9201c8105fac5eb6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:6
from opentelemetry.trace import SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b54dac5c3909ba6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:7
from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7910d720f46567bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:8
from opentelemetry.trace import Status

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #712d3828c0d5949a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:9
from opentelemetry.trace import StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1925f36a955cbdbc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:10
from opentelemetry.trace.span import DEFAULT_TRACE_OPTIONS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #98cbee50afde1466 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:11
from opentelemetry.trace.span import TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9d84ed37a664e64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:12
from opentelemetry.trace.span import TraceState

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e3d5facaf50a361 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:32
    from opentelemetry.util.types import Attributes  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e8689548fd3ccfe9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/span.py:33
    from opentelemetry.util.types import AttributeValue  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1c06c29aa66112d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:8
from opentelemetry import version

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b0fd35203a1ef5a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:9
from opentelemetry.context import Context as OtelContext  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #da31be21aa1e6507 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:10
from opentelemetry.trace import SpanKind as OtelSpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f613e4723ba4a43d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:11
from opentelemetry.trace import Tracer as OtelTracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46b0b067cff44451 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:12
from opentelemetry.trace import TracerProvider as OtelTracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83eece8822a46826 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:13
from opentelemetry.trace import use_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0711159eaa693f15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:14
from opentelemetry.trace.propagation import get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #07459adafd6edfb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:15
from opentelemetry.trace.span import DEFAULT_TRACE_OPTIONS

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a328ee1cd59203fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:16
from opentelemetry.trace.span import INVALID_SPAN

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b983dcddfbc1e421 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:28
    from opentelemetry.trace import Link as OtelLink  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7701cd86aa5b8ef2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:29
    from opentelemetry.trace.span import Span as OtelSpan  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #664897bffd7a94cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:30
    from opentelemetry.util.types import AttributeValue as OtelAttributeValue  # noqa:F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26c4e78f678e2007 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/ddtrace/internal/opentelemetry/trace.py:39
    from opentelemetry.util._decorator import _agnosticcontextmanager as contextmanager  # type: ignore[no-redef]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 126 low-confidence finding(s)
low env_fs dependency Excluded from app score #6827bfc78def6cf5 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_ast/ast_patching.py:280
    with open(module_path, "rb") as source_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c137982231522b9a Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_pytest_plugin.py:66
        with open(filepath, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #165a52bb7804b820 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/_version.py:22
match = regex.search(input_file.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dcb6740f4e60689 Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:153
            env_cflags = os.environ.get("CFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c46820dff9a5a58 Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:154
            env_cppflags = os.environ.get("CPPFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #656dff80b25803ad Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:191
        if MACOS and "MACOSX_DEPLOYMENT_TARGET" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e24f14ad89f19879 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:239
        fname.write_text("int main (int, char **) { return 0; }", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bddccf1d815dae1 Environment-variable access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/pybind11/setup_helpers.py:450
                threads = int(os.environ.get(self.envvar, self.default))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1834bfa5478abf95 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/codespell_ignore_lines_from_errors.py:21
    with open(args[0]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fe9e1ac2a1bab528 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/codespell_ignore_lines_from_errors.py:31
                    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3aca285f73492786 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/libsize.py:25
    with open(save) as sf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b311d2a89159ddc3 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/libsize.py:37
with open(save, "w") as sf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b877a7fc6d9d84d6 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_iast/_taint_tracking/_vendor/pybind11/tools/make_global.py:17
    pyproject = tomlkit.parse(PYPROJECT.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d739b6d6b1a655ad Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/_processor.py:118
            with open(self.rule_filename, "br") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa4052de70054d1 Filesystem access.
pkgs/python/[email protected]/ddtrace/appsec/sca/_cve_loader.py:122
        with open(_CVE_DATA_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e152ea6ca0f175b4 Filesystem access.
pkgs/python/[email protected]/ddtrace/contrib/internal/coverage/utils.py:168
    coverage_report_bytes = tmp_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f159b819c62644d Environment-variable access.
pkgs/python/[email protected]/ddtrace/contrib/internal/subprocess/patch.py:589
            child_env = os.environ.copy()  # ast-grep-ignore: os-environ-fix-access

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c72306453473c559 Filesystem access.
pkgs/python/[email protected]/ddtrace/debugging/_debugger.py:321
            raw_probes = json.loads(self.probe_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d37aaeaecf4ad27e Filesystem access.
pkgs/python/[email protected]/ddtrace/ext/ci/github_actions.py:99
        with open(file_path, "r", encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #720eeda194bacaca Filesystem access.
pkgs/python/[email protected]/ddtrace/ext/ci/github_actions.py:197
            with open(environ["GITHUB_EVENT_PATH"]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9084a62d05ca3d54 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/ci_visibility/_api_responses_cache.py:45
            with open(cache_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6f044fe1436345c Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/ci_visibility/_api_responses_cache.py:60
        with open(cache_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdc2c174fe77e017 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/ci_visibility/git_client.py:118
        f = open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9669fac3afe2b04 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/codeowners.py:149
        with open(self.path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cd16a7fdc926184 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/code.py:186
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6412aabc594a75cb Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/report.py:35
        with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac5a07afd3d84d6f Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/report.py:188
    with open(coverage_py_filename, "r") as coverage_py_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96b76584f357a8e8 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/coverage/report.py:191
    with open(dd_coverage_filename, "r") as dd_coverage_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91022c9caa454587 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/datadog/profiling/code_provenance.py:151
        data = cache_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #362dcac746316878 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/datadog/profiling/code_provenance.py:199
        with open(lock_filename, "a+b") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68c51dc2bc6708b8 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/flare/flare.py:116
            with open(config_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29c62909cf1d5cb4 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/packages.py:381
    return (dist.read_text("top_level.txt") or "").split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51435648525985ed Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/runtime/container.py:145
        with open(f"/proc/{pid}/cgroup", mode="r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0542ced4a410cb5f Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/sampling.py:213
        with open(file_json_raw) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af107afbdcf0f353 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:68
        if (value := os.environ.get(key)) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a8f0b7093d8d9b9 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:71
            if (value := os.environ.get(alias)) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77b2f8c73c351804 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:77
        os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6d1f815e5355491 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:80
        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #462ec620204b2156 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:85
            if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f477d53986047715 Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:87
            return any(alias in os.environ for alias in CONFIGURATION_ALIASES.get(key, ()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f426bda1b586d62f Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:88
        return key in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbbbdf6827f8f6bc Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:91
        return iter(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cf609a339e52aaf Environment-variable access.
pkgs/python/[email protected]/ddtrace/internal/settings/env.py:94
        return len(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e79457870b416750 Filesystem access.
pkgs/python/[email protected]/ddtrace/internal/utils/http.py:344
            with open(template_path, "r") as template_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c9b6c44505d9243 Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_llmobs.py:1212
            with open(csv_path, mode="r") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8389eba9d93979bf Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_prompts/cache.py:148
                with open(path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bf9acaeca85323e Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_prompts/cache.py:166
                with open(path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96d5566f75251fea Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_writer.py:674
            with open(tmp.name, "w", newline="") as csv_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee90682325483b4c Filesystem access.
pkgs/python/[email protected]/ddtrace/llmobs/_writer.py:687
            with open(tmp.name, mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e12c3fa05b9deb Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/api_client.py:359
            content = packfile.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c08a553bf7e83c6 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/cached_file_provider.py:76
        with open(cache_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0442fb12a0f41aa Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:56
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2b753586ed71b6b Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:119
    ci_provider_tags = ci.get_ci_tags(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e244830029a2f3a Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:120
    user_supplied_tags = git.get_git_tags_from_dd_variables(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73b531e4ea599f70 Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/env_tags.py:122
    merge_tags(tags, local_git_tags, ci_provider_tags, user_supplied_tags, get_custom_dd_tags(os.environ))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6891a0635dacd8d6 Environment-variable access.
pkgs/python/[email protected]/ddtrace/testing/internal/git.py:133
        git_env = {**os.environ, "LC_ALL": "C", "LANG": "C"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cc5c946bf388df0 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/offline_mode.py:60
            with open(manifest_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e3624d400c0981 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/offline_mode.py:104
        with open(manifest_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #179c57297149e9e7 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/offline_mode.py:237
        with open(tmp, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f47c5d9d32a8987 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/pytest/_discovery.py:81
    with open(output_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81905ee0d865cdb0 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/session_manager.py:470
            data = json.loads(sentinel.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #505fca8a2ffabe78 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/session_manager.py:509
            tmp.write_text(json.dumps(payload_data))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10278dc4fd8fa93 Filesystem access.
pkgs/python/[email protected]/ddtrace/testing/internal/session_manager.py:577
            lock_file = open(lock_path, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee6b580a9ec258bb Environment-variable access.
pkgs/python/[email protected]/setup.py:74
if "DD_COMPILE_DEBUG" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4858478ee9fcb91 Environment-variable access.
pkgs/python/[email protected]/setup.py:81
    COMPILE_MODE = os.environ.get("DD_COMPILE_MODE", COMPILE_MODE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f38434badf80b782 Environment-variable access.
pkgs/python/[email protected]/setup.py:83
FAST_BUILD = os.getenv("DD_FAST_BUILD", "false").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b08257f74141109 Environment-variable access.
pkgs/python/[email protected]/setup.py:90
    os.environ["DD_COMPILE_ABSEIL"] = "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16d2b322592c7ce7 Environment-variable access.
pkgs/python/[email protected]/setup.py:93
    os.environ.setdefault("CARGO_PROFILE_RELEASE_LTO", "off")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85432279e17ce76c Environment-variable access.
pkgs/python/[email protected]/setup.py:94
    os.environ.setdefault("CARGO_PROFILE_RELEASE_CODEGEN_UNITS", "16")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3da6b8bcc398dc1f Environment-variable access.
pkgs/python/[email protected]/setup.py:95
    os.environ.setdefault("CARGO_PROFILE_RELEASE_OPT_LEVEL", "2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8afca409a5b31ef Environment-variable access.
pkgs/python/[email protected]/setup.py:97
SCCACHE_COMPILE = os.getenv("DD_USE_SCCACHE", "0").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8955037d2e36704 Environment-variable access.
pkgs/python/[email protected]/setup.py:104
if "CMAKE_BUILD_PARALLEL_LEVEL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba6eb5592ff9fe3e Environment-variable access.
pkgs/python/[email protected]/setup.py:105
    os.environ["CMAKE_BUILD_PARALLEL_LEVEL"] = str(_cpu_count)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #712371aa59ef909d Environment-variable access.
pkgs/python/[email protected]/setup.py:108
DOWNLOAD_MAX_RETRIES = int(os.getenv("DD_DOWNLOAD_MAX_RETRIES", "10"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bc9077707f02509 Environment-variable access.
pkgs/python/[email protected]/setup.py:109
DOWNLOAD_INITIAL_DELAY = float(os.getenv("DD_DOWNLOAD_INITIAL_DELAY", "1.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0963010a7b152139 Environment-variable access.
pkgs/python/[email protected]/setup.py:110
DOWNLOAD_MAX_DELAY = float(os.getenv("DD_DOWNLOAD_MAX_DELAY", "120"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e27a4eeff5951d24 Environment-variable access.
pkgs/python/[email protected]/setup.py:123
DD_CARGO_ARGS = shlex.split(os.getenv("DD_CARGO_ARGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70aad8ccc937dcd1 Environment-variable access.
pkgs/python/[email protected]/setup.py:125
BUILD_PROFILING_NATIVE_TESTS = os.getenv("DD_PROFILING_NATIVE_TESTS", "0").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #098070add3a93f75 Environment-variable access.
pkgs/python/[email protected]/setup.py:128
SERVERLESS_BUILD = os.getenv("DD_SERVERLESS_BUILD", "0").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7154dbda1f5127ca Environment-variable access.
pkgs/python/[email protected]/setup.py:147
    _sccache_path = os.getenv("SCCACHE_PATH") or os.getenv("SCCACHE") or shutil.which("sccache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93c5bb34a6182c05 Environment-variable access.
pkgs/python/[email protected]/setup.py:156
        os.environ["DD_SCCACHE_PATH"] = str(sccache_path.resolve())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad367e0f7f24906 Environment-variable access.
pkgs/python/[email protected]/setup.py:157
        os.environ["RUSTC_WRAPPER"] = str(sccache_path.resolve())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1b9c76ffc3738be Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            (shutil.which(cmd) for cmd in [os.getenv("CC", ""), "cc", "gcc", "clang"] if shutil.which(cmd)), None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daccf29d63ca5d45 Environment-variable access.
pkgs/python/[email protected]/setup.py:162
            os.environ["DD_CC_OLD"] = cc_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d806c4090cee748 Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            os.environ["CC"] = str(sccache_path) + " " + str(cc_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcd6e8a38ca9ac79 Environment-variable access.
pkgs/python/[email protected]/setup.py:166
            (shutil.which(cmd) for cmd in [os.getenv("CXX", ""), "c++", "g++", "clang++"] if shutil.which(cmd)), None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e33ffafc706fef3 Environment-variable access.
pkgs/python/[email protected]/setup.py:169
            os.environ["DD_CXX_OLD"] = cxx_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #070e8a31467f5e59 Environment-variable access.
pkgs/python/[email protected]/setup.py:170
            os.environ["CXX"] = str(sccache_path) + " " + str(cxx_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cf21af2ee8e6adb Filesystem access.
pkgs/python/[email protected]/setup.py:238
    expected_checksum, expected_filename = list(filter(None, open(sha256_filename, "r").read().strip().split(" ")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5a5d8d23be92b6f Filesystem access.
pkgs/python/[email protected]/setup.py:239
    actual_checksum = hashlib.sha256(open(filename, "rb").read()).hexdigest()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4336a6b6b028a122 Filesystem access.
pkgs/python/[email protected]/setup.py:254
    actual_checksum = hashlib.sha256(open(filename, "rb").read()).hexdigest()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9190366bd0212ce7 Environment-variable access.
pkgs/python/[email protected]/setup.py:304
        rust_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ce14077cad9495 Filesystem access.
pkgs/python/[email protected]/setup.py:351
                    sources_hash.update(source.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0381a853c14f7515 Environment-variable access.
pkgs/python/[email protected]/setup.py:401
        for path in os.environ.get("PATH", "").split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a83dcc465b6dc1 Environment-variable access.
pkgs/python/[email protected]/setup.py:449
            dedup_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bd0d315cbc7cd88 Environment-variable access.
pkgs/python/[email protected]/setup.py:450
            dedup_env["PATH"] = cargo_bin + os.pathsep + os.environ["PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5602eb9ced4b684 Environment-variable access.
pkgs/python/[email protected]/setup.py:464
    CACHE_DIR = Path(os.getenv("DD_SETUP_CACHE_DIR", HERE / ".download_cache"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #631e47106815b5d8 Environment-variable access.
pkgs/python/[email protected]/setup.py:465
    USE_CACHE = os.getenv("DD_SETUP_CACHE_DOWNLOADS", "1").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e624bc009bdc84d Filesystem access.
pkgs/python/[email protected]/setup.py:485
        if cls.version and version_sentinel.exists() and version_sentinel.read_text().strip() != cls.version:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #317dd7a9a334cdb9 Environment-variable access.
pkgs/python/[email protected]/setup.py:501
                target_platform = os.getenv("PLAT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6e0a030092f37cc Filesystem access.
pkgs/python/[email protected]/setup.py:586
            (download_dir / ".version").write_text(cls.version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8938716515cbd2ed Environment-variable access.
pkgs/python/[email protected]/setup.py:796
        archs = re.findall(r"-arch (\S+)", os.environ.get("ARCHFLAGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a928cb73709eeaa5 Filesystem access.
pkgs/python/[email protected]/setup.py:803
        return sentinel.exists() and sentinel.read_text().strip() == self.config_hash()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d7d29163d0623f Filesystem access.
pkgs/python/[email protected]/setup.py:807
        (self.install_dir / ".dep_build_info").write_text(self.config_hash())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a9a3d40fa6c1bf9 Environment-variable access.
pkgs/python/[email protected]/setup.py:817
    if os.environ.get("DD_COMPILE_ABSEIL", "1") in ("0", "false"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a969f28d26585886 Environment-variable access.
pkgs/python/[email protected]/setup.py:836
    INCREMENTAL = os.getenv("DD_CMAKE_INCREMENTAL_BUILD", "1").lower() in ("1", "yes", "on", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b8cac7cafe7e0ff Environment-variable access.
pkgs/python/[email protected]/setup.py:862
        dd_build_parallel = os.getenv("DD_BUILD_PARALLEL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e52eb739a27d8897 Environment-variable access.
pkgs/python/[email protected]/setup.py:994
            if "CMAKE_BUILD_PARALLEL_LEVEL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #608b24b3d0f015fb Environment-variable access.
pkgs/python/[email protected]/setup.py:1049
            archs = re.findall(r"-arch (\S+)", os.environ.get("ARCHFLAGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10f9f8f6287bce3c Environment-variable access.
pkgs/python/[email protected]/setup.py:1152
        sccache_path = os.getenv("DD_SCCACHE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f3da0376ce6aea4 Environment-variable access.
pkgs/python/[email protected]/setup.py:1155
                f"-DCMAKE_C_COMPILER={os.getenv('DD_CC_OLD', shutil.which('cc'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb092fa813f26167 Environment-variable access.
pkgs/python/[email protected]/setup.py:1157
                f"-DCMAKE_CXX_COMPILER={os.getenv('DD_CXX_OLD', shutil.which('c++'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73c1761d9d048e98 Environment-variable access.
pkgs/python/[email protected]/setup.py:1210
        sccache_path = os.getenv("DD_SCCACHE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f271287a70a27ed0 Environment-variable access.
pkgs/python/[email protected]/setup.py:1213
                f"-DCMAKE_C_COMPILER={os.getenv('DD_CC_OLD', shutil.which('cc'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0709e404cf3f0053 Environment-variable access.
pkgs/python/[email protected]/setup.py:1215
                f"-DCMAKE_CXX_COMPILER={os.getenv('DD_CXX_OLD', shutil.which('c++'))}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c7801754d4694b1 Environment-variable access.
pkgs/python/[email protected]/setup.py:1292
        if "CMAKE_BUILD_PARALLEL_LEVEL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b80f54edf0eafa52 Environment-variable access.
pkgs/python/[email protected]/setup.py:1320
            archs = re.findall(r"-arch (\S+)", os.environ.get("ARCHFLAGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9a4ded46bf1122c Environment-variable access.
pkgs/python/[email protected]/setup.py:1344
    enabled = "_DD_DEBUG_EXT" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #775543e511ff6baa Environment-variable access.
pkgs/python/[email protected]/setup.py:1345
    metadata_file = os.getenv("_DD_DEBUG_EXT_FILE", "debug_ext_metadata.txt")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96d96b3c1bb828d4 Filesystem access.
pkgs/python/[email protected]/setup.py:1363
        with open(cls.metadata_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f65798532c3d1a29 Environment-variable access.
pkgs/python/[email protected]/setup.py:1367
                ("CARGO_BUILD_JOBS", os.getenv("CARGO_BUILD_JOBS", "unset")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c36496273ecf152 Environment-variable access.
pkgs/python/[email protected]/setup.py:1368
                ("CMAKE_BUILD_PARALLEL_LEVEL", os.getenv("CMAKE_BUILD_PARALLEL_LEVEL", "unset")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5b76166fb52886a Environment-variable access.
pkgs/python/[email protected]/setup.py:1615
        if os.environ.get("DD_PROFILING_MEMALLOC_ASSERT_ON_REENTRY", "0") not in ("0", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71c949990dfac130 Environment-variable access.
pkgs/python/[email protected]/setup.py:1656
if os.getenv("DD_CYTHONIZE", "1").lower() in ("1", "yes", "on", "true"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bdeb1c5fcd3d5db Environment-variable access.
pkgs/python/[email protected]/setup.py:1719
            force=os.getenv("DD_SETUP_FORCE_CYTHONIZE", "0") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a3130497b63692 Environment-variable access.
pkgs/python/[email protected]/setup.py:1720
            annotate=os.getenv("_DD_CYTHON_ANNOTATE") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentelemetry-exporter-otlp-proto-grpc

python dependency
medium telemetry dependency Excluded from app score #dd781cbd88bc9219 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:19
from opentelemetry.exporter.otlp.proto.common._log_encoder import encode_logs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #104c9aef3f5653ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:20
from opentelemetry.exporter.otlp.proto.grpc.exporter import (
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1276377dc49caf0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:25
from opentelemetry.proto.collector.logs.v1.logs_service_pb2 import (
    ExportLogsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f2cc0b8536821f85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:28
from opentelemetry.proto.collector.logs.v1.logs_service_pb2_grpc import (
    LogsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #784efc91129346e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:31
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d4149dad63f04ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:32
from opentelemetry.sdk._logs.export import (
    LogRecordExporter,
    LogRecordExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #622a6d1cf5f43ce4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:36
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_LOGS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_LOGS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_LOGS_COMPRESSION,
    OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,
    OTEL_EXPORTER_OTLP_LOGS_HEADERS,
    OTEL_EXPORTER_OTLP_LOGS_INSECURE,
    OTEL_EXPORTER_OTLP_LOGS_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ada8c37f2d8926e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:53
from opentelemetry.exporter.otlp.proto.common._internal import (
    _get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee850025e141da20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:56
from opentelemetry.exporter.otlp.proto.grpc import (
    _OTLP_GRPC_CHANNEL_OPTIONS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f99e9c57626dd6c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:59
from opentelemetry.proto.collector.logs.v1.logs_service_pb2 import (
    ExportLogsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79bdeafaf0808dae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:62
from opentelemetry.proto.collector.logs.v1.logs_service_pb2_grpc import (
    LogsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf9fe8b3fd9165b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:65
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2 import (
    ExportMetricsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #90e7c77e2c80f1ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:68
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2_grpc import (
    MetricsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7d15e30dec266146 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:71
from opentelemetry.proto.collector.trace.v1.trace_service_pb2 import (
    ExportTraceServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b043075c6f13b9c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:74
from opentelemetry.proto.collector.trace.v1.trace_service_pb2_grpc import (
    TraceServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6eebdbe26ce87ad4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:77
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    AnyValue,
    ArrayValue,
    KeyValue,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #06bfe8c651b30a28 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:82
from opentelemetry.proto.resource.v1.resource_pb2 import Resource  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec4b2e4503da0ceb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:83
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8aaad07b13fefb5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:84
from opentelemetry.sdk._logs.export import LogRecordExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bfc7fd81c01ad45a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:85
from opentelemetry.sdk._shared_internal import DuplicateFilter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a4924b251f8cb4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:86
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_COMPRESSION,
    OTEL_EXPORTER_OTLP_ENDPOINT,
    OTEL_EXPORTER_OTLP_HEADERS,
    OTEL_EXPORTER_OTLP_INSECURE,
    OTEL_EXPORTER_OTLP_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a216289bf1e3c6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:97
from opentelemetry.sdk.metrics.export import MetricExportResult, MetricsData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bbe2c424873e3466 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:98
from opentelemetry.sdk.resources import Resource as SDKResource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82828390dec5116c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:99
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #713fa7bcf77c71bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:100
from opentelemetry.sdk.trace.export import SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aeacc6324fc3a8a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:101
from opentelemetry.util._importlib_metadata import entry_points

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ebfb2fbd7786ad73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:102
from opentelemetry.util.re import parse_env_headers

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #56a95126e48c8819 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:23
from opentelemetry.exporter.otlp.proto.common._internal.metrics_encoder import (
    OTLPMetricExporterMixin,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0363f3c25f8d8c8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:26
from opentelemetry.exporter.otlp.proto.common.metrics_encoder import (
    encode_metrics,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1153d156c3c43bfd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:29
from opentelemetry.exporter.otlp.proto.grpc.exporter import (  # noqa: F401
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,
    get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbc57dc77f9da2a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:35
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2 import (
    ExportMetricsServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3bad89f1f0bb676b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:38
from opentelemetry.proto.collector.metrics.v1.metrics_service_pb2_grpc import (
    MetricsServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #354e2990d5ae1656 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:41
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b62444c96ab401cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:44
from opentelemetry.proto.metrics.v1 import metrics_pb2 as pb2  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #842b606c5333feb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:45
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_METRICS_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_METRICS_COMPRESSION,
    OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,
    OTEL_EXPORTER_OTLP_METRICS_HEADERS,
    OTEL_EXPORTER_OTLP_METRICS_INSECURE,
    OTEL_EXPORTER_OTLP_METRICS_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1e8a21d2cc38372 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:56
from opentelemetry.sdk.metrics._internal.aggregation import Aggregation

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #beb0afb93a16a823 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:57
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    AggregationTemporality,
    DataPointT,
    Gauge,
    Metric,
    MetricExporter,
    MetricExportResult,
    MetricsData,
    ResourceMetrics,
    ScopeMetrics,
    Sum,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #523bc1be6e9070a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:69
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    ExponentialHistogram as ExponentialHistogramType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #503ecf8399bddecb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:72
from opentelemetry.sdk.metrics.export import (  # noqa: F401
    Histogram as HistogramType,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b16775c2a5d2ffd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:22
from opentelemetry.exporter.otlp.proto.common.trace_encoder import (
    encode_spans,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d2e7bbf082c3128b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:25
from opentelemetry.exporter.otlp.proto.grpc.exporter import (  # noqa: F401
    OTLPExporterMixin,
    _get_credentials,
    environ_to_compression,
    get_resource_data,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4aa6bb950b8bf5a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:31
from opentelemetry.proto.collector.trace.v1.trace_service_pb2 import (
    ExportTraceServiceRequest,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7cb52eeb8699e352 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:34
from opentelemetry.proto.collector.trace.v1.trace_service_pb2_grpc import (
    TraceServiceStub,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #439722c971a6a456 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:37
from opentelemetry.proto.common.v1.common_pb2 import (  # noqa: F401
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c6b5b6f019c5425c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:40
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    ResourceSpans,
    ScopeSpans,
    Status,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #870121e85834cc84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:45
from opentelemetry.proto.trace.v1.trace_pb2 import (  # noqa: F401
    Span as CollectorSpan,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9d7da3d245cf0f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:48
from opentelemetry.sdk.environment_variables import (
    _OTEL_PYTHON_EXPORTER_OTLP_GRPC_TRACES_CREDENTIAL_PROVIDER,
    OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_CERTIFICATE,
    OTEL_EXPORTER_OTLP_TRACES_CLIENT_KEY,
    OTEL_EXPORTER_OTLP_TRACES_COMPRESSION,
    OTEL_EXPORTER_OTLP_TRACES_ENDPOINT,
    OTEL_EXPORTER_OTLP_TRACES_HEADERS,
    OTEL_EXPORTER_OTLP_TRACES_INSECURE,
    OTEL_EXPORTER_OTLP_TRACES_TIMEOUT,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8dec6d35b9a70355 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:59
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #391de15a8d05cf5d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:60
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 27 low-confidence finding(s)
low env_fs dependency Excluded from app score #71992a04f984299f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:70
        insecure_logs = environ.get(OTEL_EXPORTER_OTLP_LOGS_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a86eecea5ab0ad97 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:76
            and environ.get(OTEL_EXPORTER_OTLP_LOGS_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c94e32e242484151 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:86
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_LOGS_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0040a813e8a7dc99 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:99
            endpoint=endpoint or environ.get(OTEL_EXPORTER_OTLP_LOGS_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6afcdf5c5ed05579 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/_log_exporter/__init__.py:102
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_LOGS_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3c1a491579c37c8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:160
        environ[environ_key].lower().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693b6fa2b33a4388 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:161
        if environ_key in environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daa5ac4687919073 Filesystem access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:185
        with open(file_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ca75371a9a4e65 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:226
    _credential_env = environ.get(credential_entry_point_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbfd15e1a26b81d6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:250
    certificate_file = environ.get(certificate_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc7bccb3a77338c9 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:252
        client_key_file = environ.get(client_key_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0873c179ae69a4c6 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:253
        client_certificate_file = environ.get(client_certificate_file_env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c45e540922e33362 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:293
        self._endpoint = endpoint or environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4146976450bb87e Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:293
        self._endpoint = endpoint or environ.get(
            OTEL_EXPORTER_OTLP_ENDPOINT, "http://localhost:4317"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d53668554933162 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:301
        insecure_exporter = environ.get(OTEL_EXPORTER_OTLP_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ade577b8a6f4ea34 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:311
        self._headers = headers or environ.get(OTEL_EXPORTER_OTLP_HEADERS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #343151e82c02c1f8 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/exporter.py:335
            environ.get(OTEL_EXPORTER_OTLP_TIMEOUT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cd705be05ee444 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:113
        insecure_metrics = environ.get(OTEL_EXPORTER_OTLP_METRICS_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfdfd251b5932802 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:119
            and environ.get(OTEL_EXPORTER_OTLP_METRICS_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7a96d69479a3910 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:129
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_METRICS_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a2fdb53c6ce219f Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:149
            or environ.get(OTEL_EXPORTER_OTLP_METRICS_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #051efedd4135077a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/metric_exporter/__init__.py:152
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_METRICS_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c88f5d3f230f70bf Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:99
        insecure_spans = environ.get(OTEL_EXPORTER_OTLP_TRACES_INSECURE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75ce186fdf7f712a Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:105
            and environ.get(OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d327b70afc9ef3c Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:115
        environ_timeout = environ.get(OTEL_EXPORTER_OTLP_TRACES_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e15f21ec55e6b71 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:131
            or environ.get(OTEL_EXPORTER_OTLP_TRACES_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8e9748856fbd3d9 Environment-variable access.
pkgs/python/[email protected]/src/opentelemetry/exporter/otlp/proto/grpc/trace_exporter/__init__.py:134
            headers=headers or environ.get(OTEL_EXPORTER_OTLP_TRACES_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

daytona

python dependency
medium telemetry dependency Excluded from app score #2052f20455c05ec9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:15
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43532b14fc43237a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:16
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74c104266470c01e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:17
from opentelemetry.instrumentation.aiohttp_client import AioHttpClientInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #247a8630ea6ce150 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:18
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #99fbdec7124b9cb8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:19
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c820b9181930391f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:20
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1c0ef63fb0a9436 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_async/daytona.py:21
from opentelemetry.semconv.attributes import service_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1eb7c7b2bd2a7d14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:16
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3ccc327d5d421a92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:17
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3ad41d7f572bde6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:18
from opentelemetry.instrumentation.aiohttp_client import AioHttpClientInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #65ce1c2445307fc1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:19
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abe729d99817cd87 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:20
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ff5f8fa02a11632a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:21
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef2b12dca41fd0ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_sync/daytona.py:22
from opentelemetry.semconv.attributes import service_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b2cd50e10a38f452 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_utils/otel_decorator.py:12
from opentelemetry import metrics, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a22af00d88aaee01 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/daytona/_utils/otel_decorator.py:13
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #2d29b2da49b0b18b Filesystem access.
pkgs/python/[email protected]/src/daytona/_async/filesystem.py:947
                    stream = stack.enter_context(open(f.source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47ace5dfcdf2e77b Filesystem access.
pkgs/python/[email protected]/src/daytona/_async/filesystem.py:1200
        return stack.enter_context(open(source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e763379caa01cb7 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/computer_use.py:623
            with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c60facc699e32eea Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:472
                            writer = open(meta.dst, mode="wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67d57bfccf66e554 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:911
                    stream = stack.enter_context(open(f.source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efb24d4e284f9b8e Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/filesystem.py:1022
        return stack.enter_context(open(source, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18f6a9ac1196b45a Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/object_storage.py:110
            with open(abs_path_str, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #307c9f66554eead3 Filesystem access.
pkgs/python/[email protected]/src/daytona/_sync/object_storage.py:126
                    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73813ca0d610ccee Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/env.py:26
        val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01ba1a6812bb64c6 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:15
    old_env: MutableMapping[str, str] = deepcopy(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32f2b02a01ceddfa Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:16
    os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0efa4336f2f5168 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:18
        os.environ.update(temp_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab8bb44a3f2505ce Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:22
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1beaa2fe95612111 Environment-variable access.
pkgs/python/[email protected]/src/daytona/_utils/environment.py:23
        os.environ.update(old_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcd3c095e50832ff Filesystem access.
pkgs/python/[email protected]/src/daytona/common/image.py:438
        dockerfile = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

coredis

python dependency
medium telemetry dependency Excluded from app score #41a1e3d5c4a0b7da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:22
from opentelemetry import metrics, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b9fc32802fca67d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:23
from opentelemetry.metrics import (
    CallbackOptions,
    Counter,
    Histogram,
    Meter,
    Observation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f69744a48a05b8b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:30
from opentelemetry.semconv._incubating.attributes.db_attributes import (
    DB_CLIENT_CONNECTION_STATE,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a109ee67c63a675c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:33
from opentelemetry.semconv._incubating.metrics.db_metrics import (
    DB_CLIENT_CONNECTION_COUNT,
    DB_CLIENT_CONNECTION_CREATE_TIME,
    DB_CLIENT_CONNECTION_MAX,
    DB_CLIENT_CONNECTION_PENDING_REQUESTS,
    DB_CLIENT_CONNECTION_TIMEOUTS,
    DB_CLIENT_CONNECTION_USE_TIME,
    DB_CLIENT_CONNECTION_WAIT_TIME,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b2e3690f4c56d44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:42
from opentelemetry.semconv.attributes.db_attributes import (
    DB_OPERATION_BATCH_SIZE,
    DB_OPERATION_NAME,
    DB_QUERY_TEXT,
    DB_STORED_PROCEDURE_NAME,
    DB_SYSTEM_NAME,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19af78f22ea5f919 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:49
from opentelemetry.semconv.metrics.db_metrics import DB_CLIENT_OPERATION_DURATION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #090d617ed39a209d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/coredis/_telemetry/_otel.py:50
from opentelemetry.trace import SpanKind, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #3168c32b6b91ef79 Environment-variable access.
pkgs/python/[email protected]/coredis/config.py:7
    if var := os.environ.get(name):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b5e3338ca7b6242 Environment-variable access.
pkgs/python/[email protected]/coredis/config.py:20
            for cmd in os.environ.get("COREDIS_OTEL_DISABLED_COMMANDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dc89736430caddc Filesystem access.
pkgs/python/[email protected]/coredis/patterns/lock/__init__.py:26
EXTEND_SCRIPT = Script(script=(Path(__file__).parent / "lua/extend.lua").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9541e38577441e07 Filesystem access.
pkgs/python/[email protected]/coredis/patterns/lock/__init__.py:27
RELEASE_SCRIPT = Script(script=(Path(__file__).parent / "lua/release.lua").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiohttp

python dependency
expand_more 19 low-confidence finding(s)
low env_fs dependency Excluded from app score #6c0f50b72cad8638 Filesystem access.
pkgs/python/[email protected]/aiohttp/cookiejar.py:207
        with open(
            file_path,
            mode="w",
            encoding="utf-8",
            opener=lambda path, flags: os.open(path, flags, 0o600),
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b27bd56a3a80386 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:73
NO_EXTENSIONS = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ac9d5bccf1f2cb2 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:82
    not sys.flags.ignore_environment and bool(os.environ.get("PYTHONASYNCIODEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66834e483558698d Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:228
    netrc_env = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c47675a4ec4c7fe Environment-variable access.
pkgs/python/[email protected]/aiohttp/web_fileresponse.py:50
NOSENDFILE: Final[bool] = bool(os.environ.get("AIOHTTP_NOSENDFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6278394fd3bd789 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:21
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7daf82e2a6449819 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3beb3353508a2ada Filesystem access.
pkgs/python/[email protected]/docs/conf.py:31
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d9d2dcfef0b750ba Filesystem access.
pkgs/python/[email protected]/examples/web_ws.py:20
        with open(WS_FILE, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888ccd7b521fe3af Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:12
data = tomllib.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0145eb8a9d1b622 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:19
with open(Path("requirements", "runtime-deps.in"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #494d5561d98e10fa Environment-variable access.
pkgs/python/[email protected]/setup.py:13
    os.environ.get("AIOHTTP_USE_SYSTEM_DEPS", os.environ.get("USE_SYSTEM_DEPS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05b7cb7b676a6fbe Environment-variable access.
pkgs/python/[email protected]/setup.py:15
NO_EXTENSIONS: bool = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9173b9e7d9828f4 Environment-variable access.
pkgs/python/[email protected]/setup.py:16
CYTHON_TRACING: bool = bool(os.environ.get("AIOHTTP_CYTHON_TRACE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #19197ec48a347cd9 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:30
        hasher.update(full_src.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #40d113c2721fb5a9 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:37
        dst_hash = dst.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4b5197ef110c613b Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:41
        dst.write_text(src_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #48861dcce43e6510 Filesystem access.
pkgs/python/[email protected]/tools/cleanup_changes.py:30
    changes = (root / "CHANGES.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7182d96018cd7ae5 Filesystem access.
pkgs/python/[email protected]/tools/gen.py:16
    code = compile(hdrs_file.read_text(), str(hdrs_file), "exec")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

alembic

python dependency
expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #c54a595d00bda3b8 Filesystem access.
pkgs/python/[email protected]/alembic/command.py:141
                with open(toml_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a70b2a748c5ca816 Filesystem access.
pkgs/python/[email protected]/alembic/command.py:174
                with open(path, "w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10ed2474d11e1929 Filesystem access.
pkgs/python/[email protected]/alembic/config.py:277
            with open(self._toml_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26a0c7628df62262 Environment-variable access.
pkgs/python/[email protected]/alembic/config.py:985
        alembic_config_env = os.environ.get("ALEMBIC_CONFIG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e08a0ff6c23ca343 Filesystem access.
pkgs/python/[email protected]/alembic/templates/multidb/env.py:70
        with open(file_, "w") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0694c7f31dbbe1c7 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:93
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2578af7cd755d619 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:113
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09707d1b9fbed3b2 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:300
    with open(cfg.toml_file_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1202489191bb74c3 Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:307
    with open(cfg.config_file_name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #897fc85b843ae96e Filesystem access.
pkgs/python/[email protected]/alembic/testing/env.py:332
    with open(path, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b5e1e93605410d1 Environment-variable access.
pkgs/python/[email protected]/alembic/testing/fixtures.py:70
        os.environ.pop("ALEMBIC_CONFIG", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79177675a9ced76f Environment-variable access.
pkgs/python/[email protected]/alembic/util/editor.py:33
    env = os.environ if environ is None else environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8c0bef19b3fb548 Filesystem access.
pkgs/python/[email protected]/alembic/util/pyfiles.py:48
        with open(dest, "ab" if append_with_newlines else "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79e58004a6fb1a8a Environment-variable access.
pkgs/python/[email protected]/noxfile.py:21
SQLA_REPO = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d69e4ed751a8c3c Environment-variable access.
pkgs/python/[email protected]/noxfile.py:21
SQLA_REPO = os.environ.get(
    "SQLA_REPO", "git+https://github.com/sqlalchemy/sqlalchemy.git"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad81088f8908c63 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:134
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32360221803d5140 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:141
            cmd.extend(os.environ.get("TOX_SQLITE", "--db=sqlite").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37380bc8926725c0 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:147
                os.environ.get("TOX_POSTGRESQL", "--db=postgresql").split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #571e4741da3972cb Environment-variable access.
pkgs/python/[email protected]/noxfile.py:153
            cmd.extend(os.environ.get("TOX_MYSQL", "--db=mysql").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1278815b97a0a63c Environment-variable access.
pkgs/python/[email protected]/noxfile.py:160
            if "ORACLE_HOME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86419085bd9b3ada Environment-variable access.
pkgs/python/[email protected]/noxfile.py:161
                session.env["ORACLE_HOME"] = os.environ.get("ORACLE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b035dfe90e7333c4 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:162
            if "NLS_LANG" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcc4908113ce5377 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:163
                session.env["NLS_LANG"] = os.environ.get("NLS_LANG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #763a0174d5b7be91 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:164
            cmd.extend(os.environ.get("TOX_ORACLE", "--db=oracle").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61d7020ac8204494 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:170
            cmd.extend(os.environ.get("TOX_MSSQL", "--db=mssql").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b3aac5d3b822d5f Environment-variable access.
pkgs/python/[email protected]/noxfile.py:247
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e3d74bbcffb2f761 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:85
    with open(destination_path, "w") as buf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6c584f99edd701d6 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:305
            sys.stdout.write(f_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a3ec0c3b105301b7 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:352
        with open(self.path) as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #635437d981b1ecb6 Filesystem access.
pkgs/python/[email protected]/tools/write_pyi.py:392
        with open(self.path) as read_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anyio

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #8afdf7c594904751 Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:203
    sys.stdin = open(os.devnull)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15f7be36287f4f7e Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:204
    sys.stdout = open(os.devnull, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

asyncpg

python dependency
expand_more 52 low-confidence finding(s)
low env_fs dependency Excluded from app score #9317d6db46fbfdbd Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:102
        if os.environ.get('USE_UVLOOP'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f748b07232a44ab7 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:246
        pg_host = os.environ.get('PGHOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3e52d46c0f4bca6 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:352
        if not os.environ.get('PGHOST') and not kwargs.get('dsn'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #788e8680818e5774 Environment-variable access.
pkgs/python/[email protected]/asyncpg/_testbase/__init__.py:509
        if not os.environ.get('PGHOST') and not kwargs.get('dsn'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e466831cf52b2c7 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:64
    if _system == 'Windows' and os.environ.get("GITHUB_ACTIONS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94df618f048d272a Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:82
            os.environ.get('PGINSTALLATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed62d94ed54db1b4 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:83
            or os.environ.get('PGBIN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71b63e62c32c9129 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:215
            if os.getenv('ASYNCPG_DEBUG_SERVER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4547bc76d388047 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:245
            if os.getenv('ASYNCPG_DEBUG_SERVER'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #138d1d38db9c108d Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:377
            with open(pg_hba, 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f0221d6d5e9e0c Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:412
            with open(pg_hba, 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8e0d1285f43dd6e Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:466
            with open(pidfile, 'rt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ae8779f2c07a2dc Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:566
                os.environ.get('PGINSTALLATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f7adaba4af80d8 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:567
                or os.environ.get('PGBIN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a15f525bda6b4802 Environment-variable access.
pkgs/python/[email protected]/asyncpg/cluster.py:573
                pathenv = os.environ.get('PATH').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31bd70aa9b47c5a3 Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:671
            with open(os.path.join(self._data_dir, 'recovery.conf'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f28d688c8e74e2b0 Filesystem access.
pkgs/python/[email protected]/asyncpg/cluster.py:680
            f = open(os.path.join(self._data_dir, 'standby.signal'), 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e82630d74eb5818e Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:201
        portspec = os.environ.get('PGPORT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc1fad80c26fbd52 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:306
            connection_service_file = os.getenv('PGSERVICEFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3e2b99f77dd087e Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:555
        service = os.environ.get('PGSERVICE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad090883fa79a6fe Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:557
        hostspec = os.environ.get('PGHOST')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf37211df6ffc660 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:577
        portspec = os.environ.get('PGPORT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #287b0d423d605893 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:595
        user = os.getenv('PGUSER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73d676b1ea92871d Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:600
        password = os.getenv('PGPASSWORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #021a115b4957cdb5 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:603
        database = os.getenv('PGDATABASE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96b1c3fd7441c24b Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:618
            passfile = os.getenv('PGPASSFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1312ccc21ba6d8c Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:653
        ssl = os.getenv('PGSSLMODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c514fcaed00ee2bb Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:664
            sslnegotiation = os.environ.get("PGSSLNEGOTIATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e250ba7651d743a Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:699
                    sslrootcert = os.getenv('PGSSLROOTCERT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b051c6322f24dde9 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:745
                    sslcrl = os.getenv('PGSSLCRL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d2e1858fc842b62 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:764
                sslkey = os.getenv('PGSSLKEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0514429795e7a84 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:772
                sslcert = os.getenv('PGSSLCERT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72f75acc012f56d2 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:791
                keylogfile = os.environ.get('SSLKEYLOGFILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d28482caaf7ce261 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:796
                ssl_min_protocol_version = os.getenv('PGSSLMINPROTOCOLVERSION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #571ee21ca95ccb81 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:805
                ssl_max_protocol_version = os.getenv('PGSSLMAXPROTOCOLVERSION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ab61fed44c9b33 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:826
        target_session_attrs = os.getenv(
            "PGTARGETSESSIONATTRS", SessionAttribute.any
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c94ab29bcbb5295 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:841
        krbsrvname = os.getenv('PGKRBSRVNAME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84fe1ad54e0dd450 Environment-variable access.
pkgs/python/[email protected]/asyncpg/connect_utils.py:844
        gsslib = os.getenv('PGGSSLIB')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #20ed5ef771cf3e89 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
with open(version_file, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc34166a3cb35cc Filesystem access.
pkgs/python/[email protected]/setup.py:40
with open(str(_ROOT / 'README.rst')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3127454302a41797 Filesystem access.
pkgs/python/[email protected]/setup.py:44
with open(str(_ROOT / 'asyncpg' / '_version.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8778d0f5a6119f91 Environment-variable access.
pkgs/python/[email protected]/setup.py:60
        v = os.environ.get('PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1079064e15930df Filesystem access.
pkgs/python/[email protected]/setup.py:82
        with open(str(filename)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a70cf548db2e0b4d Filesystem access.
pkgs/python/[email protected]/setup.py:89
        with open(str(filename), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca8344c5c4fa090d Environment-variable access.
pkgs/python/[email protected]/setup.py:137
        if os.environ.get('ASYNCPG_DEBUG'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cdac8f8862d470c Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            self.cython_always = bool(os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07d532be5f28b2c9 Environment-variable access.
pkgs/python/[email protected]/setup.py:159
            self.cython_always = bool(os.environ.get(
                "ASYNCPG_BUILD_CYTHON_ALWAYS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16f3fd3167fcb14b Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            self.cython_annotate = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03e1213c80958e72 Environment-variable access.
pkgs/python/[email protected]/setup.py:163
            self.cython_annotate = os.environ.get(
                "ASYNCPG_BUILD_CYTHON_ANNOTATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f96e0de007540b8 Environment-variable access.
pkgs/python/[email protected]/setup.py:167
            self.cython_directives = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e768e632ff6460b Environment-variable access.
pkgs/python/[email protected]/setup.py:167
            self.cython_directives = os.environ.get(
                "ASYNCPG_BUILD_CYTHON_DIRECTIVES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31adc09c453c1e99 Environment-variable access.
pkgs/python/[email protected]/setup.py:239
    or os.environ.get("ASYNCPG_BUILD_CYTHON_ALWAYS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

authlib

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c4781e1a058b35e3 Environment-variable access.
pkgs/python/[email protected]/authlib/common/security.py:15
    if os.getenv("AUTHLIB_INSECURE_TRANSPORT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bashlex

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #ad68cd552e68a94e Filesystem access.
pkgs/python/[email protected]/bashlex/yacc.py:2347
                debuglog = PlyLogger(open(debugfile, 'w'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

binaryornot

python dependency
expand_more 9 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #eacc271701eaeaed Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:20
    with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c87bb0afbc731db1 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:36
            with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9f4c2e7ecb301ce0 Filesystem access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:158
        with open(test_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1f8ac812bbeebc6b Environment-variable access.
pkgs/python/[email protected]/scripts/generate_fixtures.py:165
                **os.environ,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7c5646739d2fbe64 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:442
    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8f53e6f8b40ba4d7 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:510
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c879f9a723156770 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:591
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #24061fadc79512c9 Filesystem access.
pkgs/python/[email protected]/scripts/train_detector.py:599
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70f3da5769c8b5a5 Filesystem access.
pkgs/python/[email protected]/src/binaryornot/helpers.py:89
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

boto3

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling reachable #13eee60a4ce9eb57 Filesystem access.
pkgs/python/[email protected]/boto3/docs/__init__.py:50
        with open(service_doc_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0499028560aa1daa Filesystem access.
pkgs/python/[email protected]/boto3/docs/service.py:200
            with open(examples_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97317cb9ef4cf9c2 Filesystem access.
pkgs/python/[email protected]/setup.py:24
    init = open(os.path.join(ROOT, 'boto3', '__init__.py')).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12c34604fea9fd5a Filesystem access.
pkgs/python/[email protected]/setup.py:32
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

browsergym-core

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #4257899a0801f62c Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:81
    with open(chatbox_dir / "chatbox_modern.html", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e5c5569242edd1e Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:88
    with open(chatbox_dir / "chatbox.html", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa7260a8878b5534 Filesystem access.
pkgs/python/[email protected]/src/browsergym/core/chat.py:90
    with open(chatbox_dir / "assistant.png", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cloud-sql-python-connector

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #b7fc6d7687707e72 Environment-variable access.
pkgs/python/[email protected]/google/cloud/sql/connector/connector.py:189
            self._quota_project = os.environ.get("GOOGLE_CLOUD_QUOTA_PROJECT")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28a511d240a60d7a Environment-variable access.
pkgs/python/[email protected]/google/cloud/sql/connector/connector.py:194
            self._universe_domain = os.environ.get("GOOGLE_CLOUD_UNIVERSE_DOMAIN")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

deprecation

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #3a1954c7cf94fb29 Filesystem access.
pkgs/python/[email protected]/setup.py:11
    with open("deprecation.py", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07c38bf6cf220d8e Filesystem access.
pkgs/python/[email protected]/setup.py:36
      long_description=io.open("README.rst", encoding="utf-8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dirhash

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #19132262d676e4e4 Filesystem access.
pkgs/python/[email protected]/setup.py:11
    with open(os.path.join(PROJECT_ROOT, "README.md"), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40f55f95760332ca Filesystem access.
pkgs/python/[email protected]/src/dirhash/__init__.py:587
    with open(filepath, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

docker

python dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #b10aca79c9c5fb2a Filesystem access.
pkgs/python/[email protected]/docker/api/build.py:153
                with open(dockerignore) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #042f0ce20c48b455 Filesystem access.
pkgs/python/[email protected]/docker/api/build.py:370
        with open(abs_dockerfile) as df:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de10cb9d3653afeb Filesystem access.
pkgs/python/[email protected]/docker/api/image.py:141
            with open(src, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14f7afbc9aab7117 Filesystem access.
pkgs/python/[email protected]/docker/auth.py:159
                with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3138ae67f67b3260 Filesystem access.
pkgs/python/[email protected]/docker/auth.py:356
        with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2550aede21a09f04 Filesystem access.
pkgs/python/[email protected]/docker/context/api.py:115
                            open(os.path.join(dirname, filename)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b76f15d667cb7c62 Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:17
            with open(docker_cfg_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c2eb2c340446a1f Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:31
            with open(docker_cfg_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8770026dc709986d Filesystem access.
pkgs/python/[email protected]/docker/context/config.py:43
        with open(docker_cfg_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7f6f3817710237d Filesystem access.
pkgs/python/[email protected]/docker/context/context.py:100
            with open(meta_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2204e10e4fe08d10 Filesystem access.
pkgs/python/[email protected]/docker/context/context.py:150
        with open(get_meta_file(self.name), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #598610db2986d556 Environment-variable access.
pkgs/python/[email protected]/docker/credentials/utils.py:8
    result = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50e183f4a22a118f Environment-variable access.
pkgs/python/[email protected]/docker/transport/sshconn.py:50
        env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a59c3ca0bd39424 Filesystem access.
pkgs/python/[email protected]/docker/transport/sshconn.py:197
            with open(ssh_config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a296e6cb599cb1 Filesystem access.
pkgs/python/[email protected]/docker/utils/build.py:102
                with open(full_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c1f100c5deba215 Environment-variable access.
pkgs/python/[email protected]/docker/utils/config.py:34
    config_dir = os.environ.get('DOCKER_CONFIG')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8baf34aac0722981 Environment-variable access.
pkgs/python/[email protected]/docker/utils/config.py:46
        return os.environ.get('USERPROFILE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff97eb7f73a62aeb Filesystem access.
pkgs/python/[email protected]/docker/utils/config.py:58
        with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #587d51bb13a7d11a Environment-variable access.
pkgs/python/[email protected]/docker/utils/utils.py:355
        environment = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e7cd2308451ff1e Filesystem access.
pkgs/python/[email protected]/docker/utils/utils.py:465
    with open(env_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fastapi

python dependency
expand_more 64 low-confidence finding(s)
low env_fs dependency Excluded from app score #ceb8b68bc57d6935 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial001_py310.py:7
    with open("log.txt", mode="w") as email_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c61fd1cdee7c7e27 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_an_py310.py:9
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e30f00284119ac Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_py310.py:7
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d49aef1a1618b64 Filesystem access.
pkgs/python/[email protected]/docs_src/custom_response/tutorial008_py310.py:11
        with open(some_file_path, mode="rb") as file_like:  # (2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8b72e7f917c96b4 Filesystem access.
pkgs/python/[email protected]/docs_src/events/tutorial002_py310.py:8
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a5781dc699d163e Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:5
openapi_content = json.loads(file_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3388b2071596acb8 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:15
file_path.write_text(json.dumps(openapi_content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d4866b0515720841 Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:12
    with open(RELEASE_NOTES_FILE) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #60c8865edea5e3c2 Filesystem access.
pkgs/python/[email protected]/scripts/add_latest_release_date.py:31
        with open(RELEASE_NOTES_FILE, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #c8933cc962f82d06 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/contributors.py:129
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #66d43b86241f1d4f Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:227
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5f11ed317d6ae381 Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:233
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c63a88bdff01d2fe Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:105
    return yaml.unsafe_load(en_config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #29b3ef5ac1d59530 Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:129
    os.environ["DYLD_FALLBACK_LIBRARY_PATH"] = "/opt/homebrew/lib"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5f7d49a88c7a406c Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:143
    new_llm_prompt_path.write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ae15fb4d889276a4 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:223
    missing_translation = (docs_path / "missing-translation.md").read_text(
        encoding="utf-8"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #12f99a7d32a4bf1f Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:229
    translation_banner = translation_banner_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #365ec0b5398953cd Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:236
                markdown = translated_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #367952bbd8256899 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:238
                    staged_file.write_text(markdown, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5c4237ddec59b43c Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:242
                staged_file.write_text(
                    add_markdown_notice(markdown, banner), encoding="utf-8"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7c3233ce9df8b535 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:246
                markdown = staged_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7afdf769fedcedf3 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:247
                staged_file.write_text(
                    add_markdown_notice(markdown, missing_translation),
                    encoding="utf-8",
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0c836fb9438aecf9 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:277
    config_path.write_text(
        yaml.dump(config, sort_keys=False, width=200, allow_unicode=True),
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7e44529d99d0eb96 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:295
    config = yaml.unsafe_load(config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #472e9be8ba18d6d6 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:349
    content = en_index.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #53d6c5e05da09e28 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:355
    sponsors = yaml.safe_load(sponsors_data_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #15a66135444fda75 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:384
    old_content = readme_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9f78baf4a1722178 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:389
        readme_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c51fc2682983baba Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:430
        en_config_path.write_text(
            yaml.dump(updated_config, sort_keys=False, width=200, allow_unicode=True),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ebcee693842c71e Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:488
        language_names_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #21532b368ed159f8 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:542
    sponsors = yaml.safe_load(sponsors_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c5452fe0efb18cab Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:553
    old_content = partial_path.read_text("utf-8") if partial_path.is_file() else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6ef5340cfc0b43c Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:558
        partial_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ea69eedf0a7eb567 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:609
    base_content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f98bf4e950634e20 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:657
        version_file.write_text(content_format, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #38bccfaceeeba6be Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:713
        content = md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #de80a79b7bd8a92f Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:720
            md_file.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #85c8c3b77e620ee6 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:735
        all_docs_content += md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #e3b2d34b4a4afe8f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/notify_translations.py:218
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #805b7954f9ec9124 Filesystem access.
pkgs/python/[email protected]/scripts/notify_translations.py:319
    contents = settings.github_event_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #35987fb4a9dcb406 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/people.py:202
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #761055e7d18491a6 Filesystem access.
pkgs/python/[email protected]/scripts/people.py:384
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #823f596f27f2ccdf Filesystem access.
pkgs/python/[email protected]/scripts/people.py:390
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #16e61b7a47e90b0e Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:146
    version_file_content = version_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5ab767b22aacbfc3 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:147
    release_notes_content = release_notes_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e7a5d50360655e1c Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:152
    version_file.write_text(
        update_version_file(version_file_content, version, version_file)
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d3f2812d315bf1a8 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:155
    release_notes_file.write_text(
        update_release_notes(
            release_notes_content, version, parsed_release_date, release_notes_file
        )
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #29adf4840f6afa96 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:178
    typer.echo(get_current_version(version_file.read_text(), version_file))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b39e021d7e1f8bfd Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:206
    version = get_current_version(version_file.read_text(), version_file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b99e889efb696725 Filesystem access.
pkgs/python/[email protected]/scripts/prepare_release.py:209
            release_notes_file.read_text(), version, release_notes_file

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #f43a07caef93025e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/sponsors.py:100
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #8e3274933d27cfc7 Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:148
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #22494bd743848334 Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:154
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #18b6457b6117cd2d Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:52
    repos_old_content = repos_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #75da4b9afa1cd27d Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:57
    repos_path.write_text(new_repos_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5439494d802b91a3 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:31
general_prompt = general_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7033e31264b6b9f5 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:38
    return yaml.safe_load(Path("docs/language_names.yml").read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0f07a0bb9c62288d Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:121
    lang_prompt_content = lang_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2f93cf2a71cdf47b Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:129
    original_content = en_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cc238e9f0255ad26 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:133
        old_translation = out_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #be534b424a3b5a09 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:178
    out_path.write_text(out_content, encoding="utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #71c06f25ca8c35b3 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:81
        doc_lines = path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b502d8d725de12dd Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:82
        en_doc_lines = en_doc_path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4f444572a4dc325a Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:94
        path.write_text("\n".join(doc_lines), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gitpython

python dependency
expand_more 55 low-confidence finding(s)
low env_fs dependency Excluded from app score #67718b5b683ef13e Filesystem access.
pkgs/python/[email protected]/doc/source/conf.py:50
with open(os.path.join(os.path.dirname(__file__), "..", "..", "VERSION")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fff882f1dd08655f Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:663
    GIT_PYTHON_TRACE = os.environ.get("GIT_PYTHON_TRACE", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c12d8782c723dec Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:779
            new_git = os.environ.get(cls._git_exec_env_var, cls.git_exec_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95b8a842dc3c6afb Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:828
                mode = os.environ.get(cls._refresh_env_var, "raise").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f98f78e653e22b7 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:1256
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e6a6f03d3c9b9f9 Filesystem access.
pkgs/python/[email protected]/git/cmd.py:1278
        stdout_sink = PIPE if with_stdout else getattr(subprocess, "DEVNULL", None) or open(os.devnull, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a81ddcb33cf63b9a Environment-variable access.
pkgs/python/[email protected]/git/config.py:259
        config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb9ae546e5a150b Filesystem access.
pkgs/python/[email protected]/git/config.py:650
                    with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e722e47e6791698 Filesystem access.
pkgs/python/[email protected]/git/config.py:768
            with open(fp, "wb") as fp_open:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9fb9d7e2510e83d Filesystem access.
pkgs/python/[email protected]/git/index/base.py:705
                return open(filepath, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fed2c9110b8cecc0 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1180
        with open(self._commit_editmsg_filepath(), "wb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c93df0021c31048 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1187
        with open(self._commit_editmsg_filepath(), "rb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2d24b0ee74622ef Environment-variable access.
pkgs/python/[email protected]/git/index/fun.py:89
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e8285912046edfc Environment-variable access.
pkgs/python/[email protected]/git/objects/commit.py:664
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d106a66a283d43a8 Filesystem access.
pkgs/python/[email protected]/git/objects/submodule/base.py:428
        with open(git_file, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #075218d8fc464ab3 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:267
        with open(filepath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74eac2a04af46004 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:363
            fd = open(filepath, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abdc1ecd479323e1 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:152
            with open(cls._get_packed_refs_path(repo), "rt", encoding="UTF-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1362542591af8ef1 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:265
            with open(os.path.join(repodir, ref_path), "rt", encoding="UTF-8") as fp:  # type: ignore[arg-type]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #034ff55bfa135753 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:668
                with open(pack_file_path, "rb") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec69b546da77ab94 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:696
                    with open(pack_file_path, "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b43a635c6b4c160 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:738
            with open(abs_ref_path, "rb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #328a924cd0afe3ab Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:822
                with open(new_abs_path, "rb") as fd1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e642f2227a13cd6 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:824
                with open(cur_abs_path, "rb") as fd2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00efd5827d08a81e Filesystem access.
pkgs/python/[email protected]/git/remote.py:915
        with open(fetch_head.abspath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6ba855730c2f481 Environment-variable access.
repo/base.py:216
        epath = path or os.getenv("GIT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3040cef0c0ca612d Environment-variable access.
repo/base.py:252
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccb69c6017a7ffc7 Environment-variable access.
repo/base.py:253
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edc940602818b3fd Filesystem access.
repo/base.py:257
                    with open(osp.join(git_dir, "gitdir")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c61a06ce522aedc Environment-variable access.
repo/base.py:280
                if os.environ.get("GIT_COMMON_DIR") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e14f9a72a6a53dcb Environment-variable access.
repo/base.py:284
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8afa19f7fde15ec Environment-variable access.
repo/base.py:285
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55a3d4c72d6189c0 Filesystem access.
repo/base.py:321
            common_dir = (Path(self.git_dir) / "commondir").read_text().splitlines()[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f998aee990775aaf Filesystem access.
repo/base.py:382
        with open(filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #244081506bbc78a2 Filesystem access.
repo/base.py:388
        with open(filename, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea8216f176213040 Environment-variable access.
repo/base.py:663
            config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0097b240a7d52f30 Filesystem access.
repo/base.py:922
            with open(alternates_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c60882f69d68fc1a Filesystem access.
repo/base.py:945
            with open(alternates_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ade08b9f180da995 Filesystem access.
repo/base.py:1661
        with open(rebase_head_file, "rt") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1488776f5f0c6fb Filesystem access.
repo/fun.py:55
    with open(filename, "ab"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a29fc19225a5ecb Environment-variable access.
repo/fun.py:69
        if (osp.isdir(osp.join(d, "objects")) or "GIT_OBJECT_DIRECTORY" in os.environ) and osp.isdir(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55020109cddd7c91 Filesystem access.
repo/fun.py:93
        lines = Path(dotgit).read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be4c4763a64c32e7 Filesystem access.
repo/fun.py:108
        with open(d) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89443c762b6cd949 Environment-variable access.
pkgs/python/[email protected]/git/util.py:122
        value = os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6db3dd2988563a8 Environment-variable access.
pkgs/python/[email protected]/git/util.py:201
    old_value = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdeaf4564978a35b Environment-variable access.
pkgs/python/[email protected]/git/util.py:202
    os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b90baaee68307b93 Environment-variable access.
pkgs/python/[email protected]/git/util.py:207
            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57356a1e1ea1f2c7 Environment-variable access.
pkgs/python/[email protected]/git/util.py:209
            os.environ[name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac6804b8ec414b63 Environment-variable access.
pkgs/python/[email protected]/git/util.py:338
    PATHEXT = os.environ.get("PATHEXT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b93e0982a86feb7e Environment-variable access.
pkgs/python/[email protected]/git/util.py:374
        path = os.environ["PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1354991bb9b14263 Environment-variable access.
pkgs/python/[email protected]/git/util.py:865
                val = os.environ[evar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #910a20f2e62ad6fe Filesystem access.
pkgs/python/[email protected]/git/util.py:1051
            with open(lock_file, mode="w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a46706b9169782 Filesystem access.
pkgs/python/[email protected]/setup.py:14
    return (Path(__file__).parent / path).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f43e1842fb613101 Filesystem access.
pkgs/python/[email protected]/setup.py:49
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04a018e4e6afce0e Filesystem access.
pkgs/python/[email protected]/setup.py:59
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-api-python-client

python dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #32ebf7e6c77d07d7 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:430
    if "REMOTE_ADDR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c47fa549d053997 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:431
        actual_url = _add_query_parameter(url, "userIp", os.environ["REMOTE_ADDR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2136bfad97f83584 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:573
        universe_domain_env = os.getenv(GOOGLE_CLOUD_UNIVERSE_DOMAIN, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48c2adf2f704ee02 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:656
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21b7eec4278b3953 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:703
            use_mtls_endpoint = os.getenv(GOOGLE_API_USE_MTLS_ENDPOINT, "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30dac974bbb71eb1 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:37
    if "GAE_ENV" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c34d353e3f51214 Filesystem access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:72
        with open(os.path.join(DISCOVERY_DOC_DIR, doc_name), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #996b44d09e9835dc Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:594
        self._fd = open(self._filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e24be72ed7003530 Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:1735
            with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #154da9550ceb80d1 Filesystem access.
pkgs/python/[email protected]/googleapiclient/sample_tools.py:104
        with open(discovery_filename) as discovery_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d46eb0e87c631fc Filesystem access.
pkgs/python/[email protected]/setup.py:52
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b942166640c6b9cc Filesystem access.
pkgs/python/[email protected]/setup.py:58
with open(os.path.join(package_root, "googleapiclient/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth-httplib2

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #f3d977f80aaeedfa Filesystem access.
pkgs/python/[email protected]/setup.py:26
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth-oauthlib

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #f5b61a2304065f4d Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/flow.py:198
        with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e268a23c53923bf Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/helpers.py:94
    with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b1cf44110359093 Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/tool/__main__.py:113
        with open(credentials, "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e9140522ee775fc Filesystem access.
pkgs/python/[email protected]/setup.py:31
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-cloud-recaptcha-enterprise

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #6be9156525bd6da7 Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:175
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bf77ebce54d619b Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:466
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a41603641407f1d5 Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:507
        use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad7671bd95dcd7dd Environment-variable access.
pkgs/python/[email protected]/google/cloud/recaptchaenterprise_v1/services/recaptcha_enterprise_service/client.py:508
        universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c0b874a6296eabb Filesystem access.
pkgs/python/[email protected]/setup.py:31
with open(
    os.path.join(package_root, "google/cloud/recaptchaenterprise/gapic_version.py")
) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e128b4c2224f9bd7 Filesystem access.
pkgs/python/[email protected]/setup.py:60
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-genai

python dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #ced1d5bd21f8eae1 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:110
  env_google_api_key = os.environ.get('GOOGLE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d79b924f11519fc6 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:111
  env_gemini_api_key = os.environ.get('GEMINI_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f8099635c51eb58 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:616
      env_enterprise_str = os.environ.get('GOOGLE_GENAI_USE_ENTERPRISE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f6002ce66ad61d0 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:617
      env_vertexai_str = os.environ.get('GOOGLE_GENAI_USE_VERTEXAI', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00844e3683e838aa Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:677
    env_project = os.environ.get('GOOGLE_CLOUD_PROJECT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06427fef639b7809 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:678
    env_location = os.environ.get('GOOGLE_CLOUD_LOCATION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #520fb66898bfb857 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1046
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #159cd5ad5d04bc4b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1047
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #755f4a4ce3bbe5c1 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1100
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2436bdc64fba9190 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1101
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a260c0e711aca1a Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1158
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #112ea08ee5302152 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:1159
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7345647714c8a3eb Filesystem access.
pkgs/python/[email protected]/google/genai/_api_client.py:1764
      with open(file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1d54d7a4545d16b Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:48
    return _default_base_vertex_url or os.getenv('GOOGLE_VERTEX_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0fd4d3920ab0f5c Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:50
    return _default_base_gemini_url or os.getenv('GOOGLE_GEMINI_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5118827731cb82b Filesystem access.
pkgs/python/[email protected]/google/genai/_gaos/types/base64fileinput.py:39
            with open(value, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56e3d4d81455b5bc Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/logger.py:40
    if os.getenv("GOOGLE_GENAI_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b54d6aa2d06efccb Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:95
    if os.getenv("GOOGLE_GENAI_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59947eb9c509edcf Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:96
        security_dict["api_key"] = os.getenv("GOOGLE_GENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae0c0568921f99d9 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:98
    if os.getenv("GOOGLE_GENAI_ACCESS_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cdb13ff0308c0f5 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:99
        security_dict["access_token"] = os.getenv("GOOGLE_GENAI_ACCESS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3e9d55566dc6610 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:101
    if os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18d5eccf544af3a6 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/security.py:102
        security_dict["default_headers"] = os.getenv("GOOGLE_GENAI_DEFAULT_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dcb06d7a177f223 Environment-variable access.
pkgs/python/[email protected]/google/genai/_gaos/utils/values.py:79
    env_value = os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc9304578d526b5 Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:111
  with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d754c3dd617ec369 Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:128
    with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #892f4212d635b5ed Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:223
      os.environ.get('PYTEST_CURRENT_TEST'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #485c27e08cdb0d3b Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d34888230585397 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:315
      self.replays_directory = os.environ.get(
          'GOOGLE_GENAI_REPLAYS_DIRECTORY', None
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3066626057fece7e Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:359
      with open(replay_file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7149680b406d39b Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:386
    with open(replay_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bbe720edc389fb6 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:197
      default_factory=lambda: os.getenv('GOOGLE_GENAI_CLIENT_MODE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f5fef686a987c4d Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:201
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAYS_DIRECTORY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b62aad4b4625804 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:205
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAY_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e23cb3548b0b3c5 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:9036
    image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b895485bfe168c79 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:11421
    video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d360b05748c6127 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:22491
    with open(file_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gspread

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #ac0acea48bda9575 Environment-variable access.
pkgs/python/[email protected]/gspread/auth.py:52
        return Path(os.environ["APPDATA"], config_dir_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fee8b6eeba37f787 Filesystem access.
pkgs/python/[email protected]/gspread/auth.py:208
        with open(credentials_filename) as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

html2text

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #42a7f53dbc9f6567 Filesystem access.
pkgs/python/[email protected]/html2text/cli.py:285
        with open(args.filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #efde111f77ce0f78 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31b4cae65837491b Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1033109734681a32 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd37df756391ef9d Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx-aiohttp

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #c5e536a6ad937a5a Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:14
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #68b38db01fd2a14d Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:15
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #da102b605ad1f95d Filesystem access.
pkgs/python/[email protected]/benchmarks/client/blacksheep/script.py:30
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #39cac0c95d09a72f Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:19
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #90aeecad763b57b8 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:20
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c663901b0b0ec739 Filesystem access.
pkgs/python/[email protected]/benchmarks/client/httpx-aiohttp/script.py:36
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c0ed7826fbeaa918 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:14
SERVER_URL = os.getenv("SERVER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8cc653e28b1435d2 Environment-variable access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:15
REQUESTS_COUNT = int(os.getenv("REQUESTS_COUNT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2d7dd92885f59747 Filesystem access.
pkgs/python/[email protected]/benchmarks/client/httpx/script.py:33
    with open(
        "report.json",
        "w",
    ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e3413efc516014d0 Filesystem access.
pkgs/python/[email protected]/benchmarks/reporter.py:28
    with open(report_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eb034aebca943c62 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:42
    report_str.append(f"**PR Number**: {os.getenv('PR_NUMBER')}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ec1ea0032a0ce8ad Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:63
    repo_owner = os.getenv("GITHUB_REPOSITORY_OWNER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2b349efdd53b4ff5 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:64
    repo_name = os.getenv("GITHUB_REPOSITORY").split("/")[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f9b048b3fb640ba1 Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:65
    pr_number = os.getenv("PR_NUMBER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6d78194d0d569a3b Environment-variable access.
pkgs/python/[email protected]/benchmarks/reporter.py:66
    token = os.getenv("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ipywidgets

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #59499639221ec2ab Filesystem access.
pkgs/python/[email protected]/ipywidgets/embed.py:318
        with open(fp, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa109e4953aa663a Environment-variable access.
pkgs/python/[email protected]/ipywidgets/widgets/widget.py:36
    if name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2da23eb2116dc03d Environment-variable access.
pkgs/python/[email protected]/ipywidgets/widgets/widget.py:37
        return os.environ[name].lower() not in ['no', 'n', 'false', 'off', '0', '0.0']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4d36d5adf447ad1 Filesystem access.
pkgs/python/[email protected]/ipywidgets/widgets/widget_media.py:94
            with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jinja2

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #08d304d06f648cb9 Filesystem access.
pkgs/python/[email protected]/src/jinja2/bccache.py:270
            f = open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66ecc4675de11dd1 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:860
                with open(os.path.join(target, filename), "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd581f6436942559 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:1611
            real_fp: t.IO[bytes] = open(fp, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf3248d68a63518 Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:214
        with open(filename, encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d73da8799a234546 Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:382
            with open(p, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #368bdde89ea8db94 Filesystem access.
pkgs/python/[email protected]/src/jinja2/utils.py:171
    return open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

joblib

python dependency
expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #067c2556613c3d0a Environment-variable access.
pkgs/python/[email protected]/conftest.py:73
    DEFAULT_BACKEND = os.environ.get("JOBLIB_TESTS_DEFAULT_PARALLEL_BACKEND", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e684a50abc002e Environment-variable access.
pkgs/python/[email protected]/conftest.py:110
        os.environ.get(k) is None for k in ParallelBackendBase.MAX_NUM_THREADS_VARS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6bb2222b6cd16b8 Environment-variable access.
pkgs/python/[email protected]/joblib/__init__.py:163
os.environ.setdefault("KMP_INIT_AT_FORK", "FALSE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #897081c7a3f3bda1 Environment-variable access.
pkgs/python/[email protected]/joblib/_memmapping_reducer.py:209
        temp_folder = os.environ.get("JOBLIB_TEMP_FOLDER", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ff34e7e22b989c9 Environment-variable access.
pkgs/python/[email protected]/joblib/_multiprocessing_helpers.py:13
mp = int(os.environ.get("JOBLIB_MULTIPROCESSING", 1)) or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #374d7586b4d17fb3 Environment-variable access.
pkgs/python/[email protected]/joblib/_parallel_backends.py:238
                var_value = os.environ.get(var, default_n_threads)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de7f6b46be7d9003 Environment-variable access.
pkgs/python/[email protected]/joblib/_parallel_backends.py:244
        if self.TBB_ENABLE_IPC_VAR not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1556031678289e46 Filesystem access.
pkgs/python/[email protected]/joblib/_store_backends.py:480
                with open(gitignore, "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34e58209b0c9ecce Filesystem access.
pkgs/python/[email protected]/joblib/compressor.py:289
            self._fp = io.open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e980877a896727 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:151
        with open(cpu_max_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c6b210600fae981 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:156
        with open(cfs_quota_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ced2906682c63f20 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:158
        with open(cfs_period_fname) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d6cf5b56de2b957 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:199
            and os.environ.get("LOKY_MAX_CPU_COUNT") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9374dc8247148263 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/context.py:222
    cpu_count_loky = int(os.environ.get("LOKY_MAX_CPU_COUNT", os_cpu_count))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9cdf8369cfd777a Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/fork_exec.py:21
    env = {**os.environ, **env}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c64fcbfcd6ea8f53 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/popen_loky_win32.py:73
        child_env = {**os.environ, **process_obj.env}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfd69dbf15946775 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/popen_loky_win32.py:83
        with open(wfd, "wb") as to_child:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dec8bd3f1a9dd016 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/backend/reduction.py:89
ENV_LOKY_PICKLER = os.environ.get("LOKY_PICKLER", DEFAULT_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80b551ac2bfd6757 Filesystem access.
pkgs/python/[email protected]/joblib/externals/loky/backend/resource_tracker.py:284
        with open(fd, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f812afa1a43318a6 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:93
MAX_DEPTH = int(os.environ.get("LOKY_MAX_DEPTH", 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bba86d4786163e6 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:382
    if "PYTHONFAULTHANDLER" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccea3d3b17314991 Environment-variable access.
pkgs/python/[email protected]/joblib/externals/loky/process_executor.py:388
            f"PYTHONFAULTHANDLER={os.environ['PYTHONFAULTHANDLER']}."

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83400dd22c09d54a Filesystem access.
pkgs/python/[email protected]/joblib/logger.py:125
                with open(logfile, "w") as logfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb1900121c42cba9 Filesystem access.
pkgs/python/[email protected]/joblib/logger.py:150
                with open(self.logfile, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b33cbcd6dd076a3 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:599
        with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02b4e7a70e9736cf Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:650
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4df7c76fbe4e2cf4 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle.py:735
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa6936d246ae3048 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle_compat.py:156
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c53f3e7183f185e8 Filesystem access.
pkgs/python/[email protected]/joblib/numpy_pickle_compat.py:230
    with open(filename, "rb") as file_handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c3c36e76ad42f0b Environment-variable access.
pkgs/python/[email protected]/joblib/parallel.py:581
    method = os.environ.get("JOBLIB_START_METHOD", "").strip() or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jupyter-kernel-gateway

python dependency
expand_more 33 low-confidence finding(s)
low env_fs dependency Excluded from app score #c1dd63232d340a6c Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:92
        return int(os.getenv(self.port_env, self.port_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #168addac1e5cb100 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:104
        return int(os.getenv(self.port_retries_env, self.port_retries_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdd9196344ce35d2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:114
        return os.getenv(self.ip_env, self.ip_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cfedaf9f41f4fab Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:127
        return os.getenv(self.base_url_env, self.base_url_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3109cf28070fde2e Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:137
        return os.getenv(self.auth_token_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12a8d20863347e3c Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:148
        return os.getenv(self.allow_credentials_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55e77dfc48aabdff Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:157
        return os.getenv(self.allow_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0597f901b7f4da03 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:166
        return os.getenv(self.allow_methods_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #644ddb06f9fabeee Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:175
        return os.getenv(self.allow_origin_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d470ef5e3a1f1a9 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:185
        return os.getenv(self.expose_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95d3f2eab312102d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:196
        return os.getenv(self.trust_xheaders_env, "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a90efb2d4e0a18 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:205
        return os.getenv(self.max_age_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05f3f7a8cbfc2a18 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:217
        val = os.getenv(self.max_kernels_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d911473ffd3fc191 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:230
        return os.getenv(self.seed_uri_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c56bb3e9d76e72a2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:242
        val = os.getenv(self.prespawn_count_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffd07ae26c33e415 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:254
        return os.getenv(self.default_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0949c4b3a526a89c Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:264
        return os.getenv(self.force_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ad23e539d5d1aaf Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:274
        return os.getenv(self.env_process_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4af2fa0be75ea57f Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:290
        return os.getenv(self.api_env, self.api_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3498d31c8a09698 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:310
        return os.getenv(self.certfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #440ad9fa3b4d999b Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:322
        return os.getenv(self.keyfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13ab1c7cdca76d45 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:334
        return os.getenv(self.client_ca_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6134dc8cc26bfbda Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:347
        ssl_from_env = os.getenv(self.ssl_version_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb085166bbba52bf Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:373
            with open(self.cookie_secret_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9a3cad78752cca1 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:407
        return int(os.getenv(self.ws_ping_interval_env, self.ws_ping_interval_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acb779965971911e Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:495
            with open(path) as nb_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6eca9b2b9f0cbfe Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:34
        return os.getenv(self.list_kernels_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcc8ab86d9ae5b50 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:45
        return os.getenv(self.env_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a096bfeb3dcc63d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:37
        return os.getenv(self.cell_parser_env, "kernel_gateway.notebook_http.cell.parser")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00d517439b8547b8 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:52
        return os.getenv(self.allow_notebook_download_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e559e73866826a1 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:64
        return os.getenv(self.static_path_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7a29f3a26bf358e Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:57
            env = {"PATH": os.getenv("PATH", "")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddc9fef22c6bdb81 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:62
                    for key, value in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jupyter_kernel_gateway

python dependency
expand_more 33 low-confidence finding(s)
low env_fs dependency Excluded from app score #09ced7a1f0e4f8c2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:92
        return int(os.getenv(self.port_env, self.port_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2de5d51ad51d6d77 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:104
        return int(os.getenv(self.port_retries_env, self.port_retries_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8db65195646f685b Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:114
        return os.getenv(self.ip_env, self.ip_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #975964a351237ad3 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:127
        return os.getenv(self.base_url_env, self.base_url_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e457fd8fd3198d7 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:137
        return os.getenv(self.auth_token_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c89e0166c905475d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:148
        return os.getenv(self.allow_credentials_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cfd9ffb85bae85a Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:157
        return os.getenv(self.allow_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e315b64a7ce61112 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:166
        return os.getenv(self.allow_methods_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b4c5f67d4b075d2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:175
        return os.getenv(self.allow_origin_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c9815f8708d444 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:185
        return os.getenv(self.expose_headers_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d88f5989b2dfd941 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:196
        return os.getenv(self.trust_xheaders_env, "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6f48a91ea5bef7f Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:205
        return os.getenv(self.max_age_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8fc98ba88976bf6 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:217
        val = os.getenv(self.max_kernels_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb73a222079c019 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:230
        return os.getenv(self.seed_uri_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d92703029e14fb06 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:242
        val = os.getenv(self.prespawn_count_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #528a923e7967a1fd Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:254
        return os.getenv(self.default_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b10566e6a9c5e9a Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:264
        return os.getenv(self.force_kernel_name_env, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a69d81ed031c7926 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:274
        return os.getenv(self.env_process_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f5d85d474a8b709 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:290
        return os.getenv(self.api_env, self.api_default_value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #144401f725b3f508 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:310
        return os.getenv(self.certfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df974aa0e77367cc Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:322
        return os.getenv(self.keyfile_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281b6e0482270ff7 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:334
        return os.getenv(self.client_ca_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71f1d9c605d14e8f Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:347
        ssl_from_env = os.getenv(self.ssl_version_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4660c81592d7c5b Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:373
            with open(self.cookie_secret_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4b25be31e6cbfbd Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:407
        return int(os.getenv(self.ws_ping_interval_env, self.ws_ping_interval_default_value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2765f6e9f8d2b190 Filesystem access.
pkgs/python/[email protected]/kernel_gateway/gatewayapp.py:495
            with open(path) as nb_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6546bb32b49f4a2 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:34
        return os.getenv(self.list_kernels_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec674ef33307152a Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/jupyter_websocket/__init__.py:45
        return os.getenv(self.env_whitelist_env, "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #486f655e960c4747 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:37
        return os.getenv(self.cell_parser_env, "kernel_gateway.notebook_http.cell.parser")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #226340ae523911aa Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:52
        return os.getenv(self.allow_notebook_download_env, "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de9fd321d408fe35 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/notebook_http/__init__.py:64
        return os.getenv(self.static_path_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddeae8d6cd79e5b0 Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:57
            env = {"PATH": os.getenv("PATH", "")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5c0b7815240971d Environment-variable access.
pkgs/python/[email protected]/kernel_gateway/services/kernels/handlers.py:62
                    for key, value in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

kubernetes

python dependency
expand_more 58 low-confidence finding(s)
low env_fs dependency Excluded from app score #070393fb17c54082 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/client/api_client.py:501
                    with open(n, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44e4c3e87ff01535 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/client/api_client.py:612
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cebe095bb64684da Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/exec_provider.py:44
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecbc05dd55bcce6f Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:42
                 environ=os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e7076c01aa39af0 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:81
        with open(self._cert_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b880b8a0735f646 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/incluster_config.py:103
        with open(self._token_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7286267eaf95a399 Environment-variable access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:38
KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', (pathlib.Path.home() / '.kube/config').as_posix())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffd971fbe7197467 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:97
        with open(name, 'wb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #927f656f400eae3e Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:124
            with open(self._file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f35a03f4c9a2d1c Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:525
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #340b006c7bd24d20 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config.py:558
        with open(path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3feaabdce889df79 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:126
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b9c9d6e63eeb0d1 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:304
                        with open(v) as f1, open(other.__dict__[k]) as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc316c5e8d21b23f Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:326
                    with open(v) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f41f71b902793599 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:962
            with open(os.path.join(temp_dir, "cert_test"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e18a3f6798dd22f7 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:964
            with open(os.path.join(temp_dir, "client_cert"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #068f3155efaafe8a Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:966
            with open(os.path.join(temp_dir, "client_key"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4effd1bd2c73fb5 Filesystem access.
pkgs/python/[email protected]/kubernetes/aio/config/kube_config_test.py:968
            with open(os.path.join(temp_dir, "token_file"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dde710ad29a7268a Filesystem access.
pkgs/python/[email protected]/kubernetes/client/api_client.py:498
                    with open(n, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8ff52608033c9c9 Filesystem access.
pkgs/python/[email protected]/kubernetes/client/api_client.py:606
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c692ee7bf497c4b9 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:212
        if os.getenv("HTTPS_PROXY"): self.proxy = os.getenv("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e12ee77eac3d1a9d Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:213
        if os.getenv("https_proxy"): self.proxy = os.getenv("https_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #186db3d04b338dc4 Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:214
        if os.getenv("HTTP_PROXY"): self.proxy = os.getenv("HTTP_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1312b612eb5c1bed Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:215
        if os.getenv("http_proxy"): self.proxy = os.getenv("http_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb8af705b327b37e Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:217
        if os.getenv("NO_PROXY"): self.no_proxy = os.getenv("NO_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4a58459196b824f Environment-variable access.
pkgs/python/[email protected]/kubernetes/client/configuration.py:218
        if os.getenv("no_proxy"): self.no_proxy = os.getenv("no_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03343ceb4bcc30f3 Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/exec_provider.py:48
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06e2fea899637bd7 Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:42
                 environ=os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b60bc176101f27 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:81
        with open(self._cert_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f41776b0ae2fa92 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/incluster_config.py:103
        with open(self._token_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4c5c21d5e1f812f Environment-variable access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:48
KUBE_CONFIG_DEFAULT_LOCATION = os.environ.get('KUBECONFIG', '~/.kube/config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816dac5053ad433d Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:76
    with open(name, 'wb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28c57df193b85c85 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:131
            with open(self._file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f38f8402bfa075b Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:392
            with open(ca_cert.name, 'w') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1fba6ceaf55daa2 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:670
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f4c53508c52ddff Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config.py:707
        with open(path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5507f772e8513200 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:164
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cac5bd235fa8a35 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:387
                        with open(v) as f1, open(other.__dict__[k]) as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d98f7d8d55a80df6 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:409
                    with open(v) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e43febd2868b2c2a Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1173
            with open(os.path.join(temp_dir, "cert_test"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c2b5d594edb4f14 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1175
            with open(os.path.join(temp_dir, "client_cert"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78b3d0614d0912a8 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1177
            with open(os.path.join(temp_dir, "client_key"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77bfffbf456c8f44 Filesystem access.
pkgs/python/[email protected]/kubernetes/config/kube_config_test.py:1179
            with open(os.path.join(temp_dir, "token_file"), "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d0ae06986e3f2ce Filesystem access.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:60
                with open(self.__cache_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18dca749ca583804 Filesystem access.
pkgs/python/[email protected]/kubernetes/dynamic/discovery.py:75
            with open(self.__cache_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3333cf8abaaea7c0 Filesystem access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:55
    cfg_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9f9c8451418e437 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:404
    cfg.proxy = os.getenv("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #770ebd0f7199500b Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:405
    cfg.no_proxy = os.getenv("NO_PROXY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3c88f57d9aea031 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:414
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #817ee5a14d616a56 Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:418
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b484f6fe86906f5e Environment-variable access.
pkgs/python/[email protected]/kubernetes/stream/ws_client_test.py:428
    config.load_kube_config(config_file=os.environ["KUBECONFIG"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36414515c53b6675 Filesystem access.
pkgs/python/[email protected]/kubernetes/utils/create_from_yaml.py:175
        with open(os.path.abspath(yaml_file)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edf24bde226165e4 Filesystem access.
pkgs/python/[email protected]/setup-release.py:34
with open('requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29b60e5e2fa6f6e3 Filesystem access.
pkgs/python/[email protected]/setup-release.py:47
with open('test-requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2222cf4814d4b154 Filesystem access.
pkgs/python/[email protected]/setup-release.py:50
with open('requirements-asyncio.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f97bf5246cd29ea7 Filesystem access.
pkgs/python/[email protected]/setup-release.py:53
with open('test-requirements-asyncio.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d506eef5ad65307c Filesystem access.
pkgs/python/[email protected]/setup.py:34
with open('requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c539583a4ae568e9 Filesystem access.
pkgs/python/[email protected]/setup.py:47
with open('test-requirements.txt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

libtmux

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #5f858a1fa112717b Environment-variable access.
pkgs/python/[email protected]/src/libtmux/_internal/env.py:65
    return os.environ if env is None else env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15024a71ba2ab10c Environment-variable access.
pkgs/python/[email protected]/src/libtmux/formats.py:21
FORMAT_SEPARATOR = os.environ.get("LIBTMUX_TMUX_FORMAT_SEPARATOR", "␞")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7880df072194c95 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:25
USING_ZSH = "zsh" in os.getenv("SHELL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eced2196133abb13 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:56
    tmux_tmpdir = pathlib.Path(os.environ.get("TMUX_TMPDIR", "/tmp"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0412139697e623bd Filesystem access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:107
    c.write_text(
        """
set -g base-index 1
    """,
        encoding="utf-8",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8a50610606e7a63 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/pytest_plugin.py:122
    for k in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293262d3097fd5b7 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2324
        env = os.environ.get("TMUX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c8e14f3620b4394 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2327
            del os.environ["TMUX"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dae67d7695a03c91 Environment-variable access.
pkgs/python/[email protected]/src/libtmux/server.py:2381
                os.environ["TMUX"] = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

limits

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #91b88d4b298ab726 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:29
if branch_from_env := os.environ.get("READTHEDOCS_VERSION", None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68d77d9a3e305e17 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:33
        "sha": os.environ.get("READTHEDOCS_GIT_COMMIT_HASH", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d90605692ce1181 Filesystem access.
pkgs/python/[email protected]/doc/source/ext/bench_chart.py:116
    with open(out_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e816d4c7cd5e5714 Filesystem access.
pkgs/python/[email protected]/limits/util.py:156
    return importlib.resources.files("limits").joinpath(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

memory-profiler

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #105f4861985f0355 Environment-variable access.
pkgs/python/[email protected]/memory_profiler.py:494
    path = os.getenv('PATH', os.defpath).split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c13f998e49c794c Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1015
            with open(text_file, 'w') as pfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8040ac348bccbe7f Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1251
        with io.open(filename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fe94363ee5d7461 Filesystem access.
pkgs/python/[email protected]/memory_profiler.py:1356
            out_file = open(args.out_filename, "a")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d79c96807d38bbe1 Filesystem access.
pkgs/python/[email protected]/mprof.py:281
    with open(mprofile_output, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e800146fbca2e1 Filesystem access.
pkgs/python/[email protected]/mprof.py:360
    f = open(filename, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

modal

python dependency
expand_more 81 low-confidence finding(s)
low env_fs dependency Excluded from app score #b9250ca72319b097 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:47
    os.environ["NCCL_HOSTID"] = f"{hostname}{container_ip}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1c174ceec6f07de Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:51
    if os.environ["MODAL_CLOUD_PROVIDER"] in ("CLOUD_PROVIDER_GCP", "CLOUD_PROVIDER_OCI"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c3ec7286c2f399c Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:52
        os.environ["NCCL_SOCKET_NTHREADS"] = "4"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5b325a82c8916c0 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:53
        os.environ["NCCL_NSOCKS_PERTHREAD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a57db6f78da196f6 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:54
    elif os.environ["MODAL_CLOUD_PROVIDER"] == "CLOUD_PROVIDER_AWS":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6a83981e5200cd4 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:55
        os.environ["NCCL_SOCKET_NTHREADS"] = "2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c727a72643fc4529 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:56
        os.environ["NCCL_NSOCKS_PERTHREAD"] = "8"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4981c6817fedc04 Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:58
        os.environ["NCCL_SOCKET_NTHREADS"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57c4e0277d55202a Environment-variable access.
pkgs/python/[email protected]/modal/_clustered_functions.py:59
        os.environ["NCCL_NSOCKS_PERTHREAD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73bbc114c21167be Environment-variable access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:12
telemetry_socket = os.environ.get("MODAL_TELEMETRY_SOCKET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e91d208add3028a7 Environment-variable access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:432
        function_def.is_checkpointing_function and os.environ.get("MODAL_ENABLE_SNAP_RESTORE") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56ad0ecfcb3ee2be Environment-variable access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:481
    container_arguments_path: str | None = os.environ.get("MODAL_CONTAINER_ARGUMENTS_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6e142588a144ebe Filesystem access.
pkgs/python/[email protected]/modal/_container_entrypoint.py:484
    container_args.ParseFromString(open(container_arguments_path, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4c0079eb1b61535 Filesystem access.
pkgs/python/[email protected]/modal/_image.py:213
    with open(LOCAL_REQUIREMENTS_DIR / "base-images.json") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66619037351f94bd Environment-variable access.
pkgs/python/[email protected]/modal/_image.py:295
        if (env_var := "MODAL_IMAGE_BUILDER_VERSION") in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c13a0091ea8c79d1 Filesystem access.
pkgs/python/[email protected]/modal/_image.py:367
                FilePatternMatcher(*dockerignore_file.read_text("utf8").splitlines())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d40f6067e5d9f917 Filesystem access.
pkgs/python/[email protected]/modal/_image.py:372
            cmds = dockerfile_path.read_text("utf8").splitlines() if dockerfile_path else dockerfile_cmds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #303e5d2d41727ccb Filesystem access.
pkgs/python/[email protected]/modal/_image.py:383
            cmds = dockerfile_path.read_text("utf8").splitlines() if dockerfile_path else dockerfile_cmds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59a43e07d8d686fe Filesystem access.
pkgs/python/[email protected]/modal/_image.py:648
                with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fe049da2b8797df Environment-variable access.
pkgs/python/[email protected]/modal/_image.py:715
                allow_global_deployment=os.environ.get("MODAL_IMAGE_ALLOW_GLOBAL_DEPLOYMENT") == "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2720fc2186b89a89 Filesystem access.
pkgs/python/[email protected]/modal/_image.py:1723
            with open(pyproject_toml) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa3d7f4ec3dd946d Filesystem access.
pkgs/python/[email protected]/modal/_image.py:2437
            with open(os.path.expanduser(path)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43635c61869fde2b Environment-variable access.
pkgs/python/[email protected]/modal/_output/pty.py:37
        env_term=os.environ.get("TERM"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9d504c480d3d0de Environment-variable access.
pkgs/python/[email protected]/modal/_output/pty.py:38
        env_colorterm=os.environ.get("COLORTERM"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1df20abb4489852 Environment-variable access.
pkgs/python/[email protected]/modal/_output/pty.py:39
        env_term_program=os.environ.get("TERM_PROGRAM"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fff41e3b7ab6b74 Filesystem access.
pkgs/python/[email protected]/modal/_output/rich.py:388
                with open(filename, encoding="utf-8", errors="replace") as code_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09d5d4a209791a6c Environment-variable access.
pkgs/python/[email protected]/modal/_runtime/user_code_imports.py:284
    if function_def.is_checkpointing_function and os.environ.get("MODAL_ENABLE_SNAP_RESTORE") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f208aa65a097f506 Filesystem access.
pkgs/python/[email protected]/modal/_utils/blob_utils.py:191
        data_file_readers = [open(filename, "rb") for _ in range(len(part_urls))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10ab36ebb0742b5e Filesystem access.
pkgs/python/[email protected]/modal/_utils/blob_utils.py:506
        lambda: open(filename, "rb"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef37558cbcf86bce Filesystem access.
pkgs/python/[email protected]/modal/_utils/blob_utils.py:564
            return open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e55d78148ff1027 Environment-variable access.
pkgs/python/[email protected]/modal/_utils/logger.py:43
log_level = os.environ.get("MODAL_LOGLEVEL", "WARNING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49586cb875be99e3 Environment-variable access.
pkgs/python/[email protected]/modal/_utils/logger.py:44
log_format = os.environ.get("MODAL_LOG_FORMAT", "STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a77ed1eed40cf3e9 Environment-variable access.
pkgs/python/[email protected]/modal/_vendor/a2wsgi_wsgi.py:486
    script_name_environ_var = os.environ.get("SCRIPT_NAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bdc0a831178a6e9 Environment-variable access.
pkgs/python/[email protected]/modal/cli/_help.py:33
    env = os.environ.get("MODAL_RICH_CLI")  # TODO move to config

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aabf7a777f8026f Filesystem access.
pkgs/python/[email protected]/modal/cli/_traceback.py:29
            with open(filename, encoding="utf-8", errors="replace") as code_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #698e2ed71b6f3d93 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/modal/cli/changelog.py:24
    req = urllib.request.Request(CHANGELOG_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #bbbe48f82a6f7594 Environment-variable access.
pkgs/python/[email protected]/modal/cli/curl.py:24
    cache_root = Path(os.environ.get("XDG_CACHE_HOME", "~/.cache")).expanduser()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c839f76b4d8d3a4 Filesystem access.
pkgs/python/[email protected]/modal/cli/curl.py:51
        cache_data = json.loads(_cache_file_path().read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #534233cc2fba476c Filesystem access.
pkgs/python/[email protected]/modal/cli/curl.py:65
        cache_data = json.loads(cache_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c218a032b36c7a1a Environment-variable access.
pkgs/python/[email protected]/modal/cli/launch.py:35
    os.environ["MODAL_LAUNCH_ARGS"] = json.dumps(args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4fb8407825670ca Environment-variable access.
pkgs/python/[email protected]/modal/cli/profile.py:80
    if "MODAL_TOKEN_ID" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bd3a633469107a7 Environment-variable access.
pkgs/python/[email protected]/modal/cli/profile.py:84
                os.environ.get("MODAL_TOKEN_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a6ac1f481196d87 Environment-variable access.
pkgs/python/[email protected]/modal/cli/profile.py:85
                os.environ.get("MODAL_TOKEN_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb5d82e6340d63d Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/run_jupyter.py:16
args: dict[str, Any] = json.loads(os.environ.get("MODAL_LAUNCH_ARGS", "{}"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d355a6158397e31 Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/run_jupyter.py:82
            env={**os.environ, "JUPYTER_TOKEN": token, "SHELL": "/bin/bash"},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d76fb2168afc8e9 Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/vscode.py:16
args: dict[str, Any] = json.loads(os.environ.get("MODAL_LAUNCH_ARGS", "{}"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83983fb0ae9e49d6 Environment-variable access.
pkgs/python/[email protected]/modal/cli/programs/vscode.py:98
            env={**os.environ, "SHELL": "/bin/bash", "PASSWORD": token},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #185337d583fe5a74 Filesystem access.
pkgs/python/[email protected]/modal/cli/run.py:211
    with open(result_path, mode) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a60b9cecea62503f Environment-variable access.
pkgs/python/[email protected]/modal/cli/secret.py:208
            editor = os.getenv("EDITOR", "vi")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #396f8427a45589a6 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:43
    content = _skill_resource().read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ca2c7e3e4a7df71 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:69
        lines = (target_dir / "SKILL.md").read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87d87e3d172f83e1 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:144
    (index_dir / "index.md").write_text(f"# {heading}\n\n" + "\n".join(kept).strip("\n") + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ee32c0b43617acf Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:171
        output_path.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78f498768a350247 Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:238
            content = raw_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb8f75ab1ab3e44e Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:242
            (api_dir / raw_file.name).write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f8814524ed6a2fa Filesystem access.
pkgs/python/[email protected]/modal/cli/skills.py:266
            (staging_dir / "SKILL.md").write_text(_skill_content_for_install())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9f6448c1576d73b Environment-variable access.
pkgs/python/[email protected]/modal/cli/token.py:73
    if os.environ.get("MODAL_TOKEN_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b763ddf2b8b16ef Environment-variable access.
pkgs/python/[email protected]/modal/cli/token.py:75
    if os.environ.get("MODAL_TOKEN_SECRET"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86f4ca1825333869 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:114
user_config_path: str = os.environ.get("MODAL_CONFIG_PATH") or os.path.expanduser("~/.modal.toml")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e11fd1ef7d6e770f Environment-variable access.
pkgs/python/[email protected]/modal/config.py:122
    return os.environ.get("MODAL_IS_REMOTE") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79a6bc17052e948 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:134
    if agent := os.environ.get("AGENT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4043e47316190acb Environment-variable access.
pkgs/python/[email protected]/modal/config.py:150
        if os.environ.get(env_var):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ec077fd7de7ba0 Filesystem access.
pkgs/python/[email protected]/modal/config.py:163
            with open(user_config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eef81ef65e738adc Environment-variable access.
pkgs/python/[email protected]/modal/config.py:242
_profile = os.environ.get("MODAL_PROFILE") or _config_active_profile()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90ed0c6b904a9aad Environment-variable access.
pkgs/python/[email protected]/modal/config.py:345
        if use_env and env_var_key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9aa422e9be70088 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:346
            return transform(os.environ[env_var_key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c5f100aa932104 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:358
            os.environ["MODAL_" + key.upper()] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bcad33d23bb34c8 Environment-variable access.
pkgs/python/[email protected]/modal/config.py:362
            os.environ[key.upper()] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d9d52c86fa6e77c Filesystem access.
pkgs/python/[email protected]/modal/config.py:410
    with open(user_config_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e48de834f2a99441 Environment-variable access.
pkgs/python/[email protected]/modal/experimental/flash.py:54
        self.task_id = os.environ["MODAL_TASK_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fb3679c3059aa51 Filesystem access.
pkgs/python/[email protected]/modal/file_pattern_matcher.py:201
            pattern_strings = Path(self._file_path).read_text("utf8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7509320796100b19 Environment-variable access.
pkgs/python/[email protected]/modal/sandbox.py:1368
        if os.environ.get("MODAL_USE_LEGACY_FILESYSTEM_SNAPSHOT") == "1" and not self._is_v2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91828278719bc512 Filesystem access.
pkgs/python/[email protected]/modal/sandbox_fs.py:115
        with open(local_path, "rb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9df34dfd395ac2a7 Filesystem access.
pkgs/python/[email protected]/modal/sandbox_fs.py:223
                    with open(tmp_path, "wb") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #509b64478fdc4db7 Environment-variable access.
pkgs/python/[email protected]/modal/secret.py:322
                return _Secret.from_dict({k: os.environ[k] for k in env_keys})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41026292d91350a5 Environment-variable access.
pkgs/python/[email protected]/modal/token_flow.py:141
        if "MODAL_PROFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb6240850bcbe729 Environment-variable access.
pkgs/python/[email protected]/modal/token_flow.py:142
            profile = os.environ["MODAL_PROFILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db7ee1d5edcb1076 Environment-variable access.
pkgs/python/[email protected]/modal/token_flow.py:167
    env_vars = [var if os.environ.get(var) else None for var in ["MODAL_TOKEN_ID", "MODAL_TOKEN_SECRET"]]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d198b863909a252c Filesystem access.
pkgs/python/[email protected]/modal/volume.py:1514
        with open(f"/proc/{pid}/cmdline", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #039d8b1905b0c7f6 Filesystem access.
pkgs/python/[email protected]/modal_docs/gen_cli_docs.py:174
        (output_dir / rel_path).write_text(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d38fbb84a00ac92 Filesystem access.
pkgs/python/[email protected]/modal_docs/gen_reference_docs.py:337
        with open(filename, "w") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

numpy

python dependency
expand_more 1084 low-confidence finding(s)
low env_fs dependency Excluded from app score #03efbc1cfeb180bd Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:122
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e9ae1d0835a4970 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:327
    PATH = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfb7da3273cadbf6 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:332
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32fd9419d068386c Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:497
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #154de82840629915 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:515
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebef3d0d68fb7532 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:538
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #444a6930eea33a67 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:617
        with open(local, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfcc2109c5131133 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:620
        with open(pkg_config_fname, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cc0fd98e07e91a28 Environment-variable access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:12
    if 'SHELL' in os.environ and sys.platform != 'win32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4a975e9584ee54db Filesystem access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:35
        with open(lock_path, 'a+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #81905a423594a65f Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:34
        with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #534e4c34f5604f44 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:125
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afa1069416da8beb Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:18
        with open(fn, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d5d6f4f5ec015b0 Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:24
        with open(fn, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb2d625690aa2ed6 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:18
    with open(gen_path, 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #194264c4718eb0bc Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:35
    with open(os.path.join(dsrc_path, "doxyfile")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29bca494d5d50710 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:44
            with open(conf_path) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e004bbbe124b305 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:273
if os.environ.get('CIRCLE_JOB') and os.environ['CIRCLE_BRANCH'] != 'main':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5ab35818ba31795 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:275
    switcher_version = os.environ['CIRCLE_BRANCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #348579642028ee9f Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:897
        use_hugepage = os.environ.get("NUMPY_MADVISE_HUGEPAGE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55413f70ebabeefb Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:929
    if (os.environ.get("NPY_PROMOTION_STATE", "weak") != "weak"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d8e9ecb19544ae9 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:8
    with open(init) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ad5f78f2462710a Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:89
                os.environ.get('MESON_DIST_ROOT', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74934b8479156f64 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:98
        with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb65c2760a0b5dd1 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/process_src_template.py:32
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1a96ce3c1f60c6c Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita.py:25
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #420525f244d85ef4 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:164
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8f45384344194c9 Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1098
        vars.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21dccfa68d58f0e0 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1112
        with open(template_name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #853f5f09df6ac678 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1117
        with open(options.output, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #679dca0ede38aa87 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/__init__.py:17
    if envkey not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb2b7552a5ac130c Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:60
            machine = os.environ.get('PROCESSOR_ARCHITEW6432', '') \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5490d671e6e6ba2 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:61
                    or os.environ.get('PROCESSOR_ARCHITECTURE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d167b8b26c63a9e6 Filesystem access.
pkgs/python/[email protected]/numpy/_core/_methods.py:242
        ctx = open(os.fspath(file), "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f47d45368a4f9aa Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:249
        fo = open(filename, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82bc0bd1aa504922 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:321
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c169f9e49f7019 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:325
    with open(filename, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05b42b67150e7ed1 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:545
    with open(file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4e9fb7b474cc10e Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath.py:1638
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dbbb1cad4207bef Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath_doc.py:23
    with open(target, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa8e2185d726773a Filesystem access.
pkgs/python/[email protected]/numpy/_core/memmap.py:236
            f_ctx = open(
                os.fspath(filename),
                ('r' if mode == 'c' else mode) + 'b'
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #271f36776f6bcb46 Filesystem access.
pkgs/python/[email protected]/numpy/_core/records.py:900
        ctx = open(os.fspath(fd), 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e8b302bd9d02bc Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:608
        with open(filename, encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c4ddb18d546e6ab Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:627
        with open(filename, "w", encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e04aeb282739a326 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:85
if 'REPO_NAME' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #71aef9c6f11abe32 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:86
   REPO_NAME = os.environ['REPO_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cb44189d3e1659a2 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:91
if 'current_language' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #516459fc47650b51 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:93
   current_language = os.environ['current_language']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #03402e0e81d5ce58 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:106
if 'current_version' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #220e6e3f901c62dd Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:108
   current_version = os.environ['current_version']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f2c95e87ab25fa1f Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:59
    data = open(file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5b559889b86b0515 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:73
        with open(ext_file, 'w') as handler:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b1af6da15a6e5cbb Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:83
            data = open(ext_file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93c8e850fcc4221e Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:60
os.environ["NUMPY_EXPERIMENTAL_DTYPE_API"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23536f1f9fe5eae1 Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:102
        os.environ['NPY_AVAILABLE_MEM'] = available_mem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a6a8583a0cb97b0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:62
    with open(dep_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b78a441ab80ea040 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:137
    env = env if env is not None else dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acba9f8384d1ffa5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:548
            with open(fn, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef5a167869d569dc Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:673
            extra_args  = os.environ.get("CFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3995bf2337edaca3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:674
            extra_args += os.environ.get("CPPFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a294fd592d793b91 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:738
        old_path = os.getenv("path")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a15fabdce4d8547 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:740
            os.environ["path"] = self._ccompiler._paths

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e66148d721d734d8 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:743
            os.environ["path"] = old_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6ca4eea09fe6f20 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:875
        with open(self._cache_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2988cd497e539b31 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1100
        with open(test_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee089710ca682b2b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1864
        with open(source) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88f3ca3e20d1926c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2381
        with open(header_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #418ebdf6c5ec8ece Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2569
        with open(wrap_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2125bb5f81af3629 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2593
            with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c5e8892627e63d7 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2626
        with open(config_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc8759be3bfe6e46 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:442
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e058924c984effa Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:447
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #833479b0a6dcf296 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:453
            with open(lib_fname, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9060c9de85d94d7 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:656
                    with open(fake_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ab781ba1dc3f68a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:661
                    with open(c_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e89a0b59e70168c3 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:29
    with open(source, 'r') as fs:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d67b79bb8223920b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:30
        with open(target, 'w') as ft:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d38686b59565995 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:431
                    with open(target_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a98384aed7c64b72 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:728
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b29a69c57a33025 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:738
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da8db8fa8be9d4f0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:763
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a27cae213aaf16b2 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/install.py:65
            with open(self.record) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6836cdef0f967e90 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:265
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #614d776cdbdc2aa6 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:315
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ae38090896ff148 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:318
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d288e5cda36e15e5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/cpuinfo.py:111
            fo = open('/proc/cpuinfo')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #886d3f5a082bfbef Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:130
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5eecd4034a73d07 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:169
    env = {name: os.environ.get(name) for name in names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b9f58599bfa6a75 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:175
        os.environ[name] = value or ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a28398b0de72839 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:264
        sh = os.environ.get('SHELL', '/bin/sh')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0365a9e149be7f78 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:989
    with open(file, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9f28a36e764387 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1008
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f2b1573a876235 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1020
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73dc1c935ebced1a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/absoft.py:79
        d = os.environ.get('ABSOFT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13d3a4d3eb0ccc33 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:22
            v = os.environ.get(envvar, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693f888789203aab Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:58
            envvar_contents = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a097a3957e51ba7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:62
                    if os.environ.get('NPY_DISTUTILS_APPEND_FLAGS', '1') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbac4cb6e0762614 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:112
            target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75fdf076f1437ef1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:130
                os.environ['MACOSX_DEPLOYMENT_TARGET'] = str(target)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6329406c7aaefb69 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:404
            with open(fn, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b142c9d0251e5d9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/ibm.py:79
            with open(xlf_cfg) as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf5a91ef69dda1f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/lahey.py:32
        d = os.environ.get('LAHEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b680947b61e7a302 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:213
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed364f7c78e0e871 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:250
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6122bde0e7ed5afc Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:253
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64e7643a906d042e Filesystem access.
pkgs/python/[email protected]/numpy/distutils/lib2def.py:112
        deffile = open(deffile, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d5459d591efd240 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:15
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d624776f3a2df7c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:24
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e61089f072160e4 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:49
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c016883e967d9b3 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:58
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a93b9897129f90d4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:206
    if 'SYSTEMROOT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64712be8656703bd Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:207
        lib_dirs.append(os.path.join(os.environ['SYSTEMROOT'], 'System32'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8cab3083a4f16f0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:253
    with open(dfile, 'w') as d:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ed21b1f08e8b790 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:270
        winsxs_path = os.path.join(os.environ.get('WINDIR', r'C:\WINDOWS'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eecff96779a1d3fc Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:282
        for path in [sys.prefix] + os.environ['PATH'].split(';'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff378d77b2376908 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:473
    with open(def_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d84229ed2963dce5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:618
            with open(manifest_name(config), "w") as man:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08463ea3656d927e Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:97
    envjobs = int(os.environ.get("NPY_NUM_BUILD_JOBS", cpu_count))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d70e279acab7c23 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:222
    with open(config_file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6da183e20932976a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:324
    if sys.platform=='cygwin' and 'USE_COLOR' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fac806524bdf8f44 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:427
        if os.environ.get('OSTYPE', '')=='msys':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c02e5670341fb6c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:429
        if os.environ.get('MSYSTEM', '')=='MINGW32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aab415792bde4ef Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:478
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08fcdb3eacd10ef1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1808
        old_path = os.environ.get('PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546f860edbbb8be0 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1811
            os.environ['PATH'] = path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6603041596c485ea Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1887
        if sys.platform=='win32' and os.environ.get('SVN_ASP_DOT_NET_HACK', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dea11671e2587ee5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1892
            with open(entries) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3c2ad1d717f83c0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1922
            with open(branch_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d6032c989c941ed Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1926
            with open(branch_cache_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3ffe484ac148a23 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2043
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12a7db6ad7c6f482 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2083
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e955071ddf144c9 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2155
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #352d03a84f31d721 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2329
    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89f2cd63638bc5a2 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:46
        environ_lib = os.getenv('lib')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2fc9e12aa7d02d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:47
        environ_include = os.getenv('include')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb39c8dd0caeb6ed Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d460fd3e90cc90c9 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2896ba66725024e3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:46
        environ_lib = os.getenv('lib', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cb5385da1a1577a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:47
        environ_include = os.getenv('include', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5fbf58d86b807b6 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7481b3532fde0e0a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a5e15826b255ff7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/npy_pkg_config.py:409
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b650f3e9920aa3da Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:352
    with open(os.devnull, 'w') as tmp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ad33b886676c92c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:443
    order_str = os.environ.get(env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15c0e961a8373d7e Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:886
                    if e in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d54535414eb15e6c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:892
        if env_var and env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60ebcdd2fc0790df Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:893
            d = os.environ[env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23325a958b1a9047 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1264
        mklroot = os.environ.get('MKLROOT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81434e9a48ec72f2 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1267
        paths = os.environ.get('LD_LIBRARY_PATH', '').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1ae4e4af4c84b0e Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1270
            with open(ld_so_conf) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e057a223b630264 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1344
        tcsdsroot = os.environ.get('TCSDS_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f18b7bc4d17ff25 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1820
            atlas_version = os.environ.get('ATLAS_VERSION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3866727f709790cc Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1968
        info['extra_link_args'] = os.environ['NPY_LAPACK_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5938c96922e23826 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1982
        if 'NPY_LAPACK_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e4717553be75ba3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2135
        info['extra_link_args'] = os.environ['NPY_BLAS_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #151bf9940f179f46 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2136
        if 'NPY_CBLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57902a7a333e616c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2139
                                        os.environ['NPY_CBLAS_LIBS'].split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e85b525201612e4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2151
        if 'NPY_BLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba08689b833dcf73 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2274
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c5fdced7c98cba5 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2393
        with open(fake_lib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fac2daadeddd636 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2395
        with open(fake_clib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #967eefec231a7217 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2429
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b786a345fbf1305f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2540
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c9f38915d6c2469 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2596
        libraries = os.environ.get('ACCELERATE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9116e680e46d2500 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2604
                not os.getenv('_PYTHON_HOST_PLATFORM', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bea91497fc41cd1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2637
                if(os.getenv('NPY_USE_BLAS_ILP64', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cd875b49c7489ba Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2827
        if os.getenv("NUMERIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b0146e9db37a8f3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2828
            which = os.getenv("NUMERIX"), "environment var"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53bf6c39a19f0038 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2855
        os.environ['NUMERIX'] = which[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18a257248835a2eb Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2963
        if self.config_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f994216d95f7910f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2964
            return os.environ[self.config_env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e1f8e0a958b3af4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:31
    if 'OPT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fec0c4419484154f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:34
        opt = shlex.join(shlex.split(os.environ['OPT']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f980b5deac7861d9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:67
        with open(obj + '.d', 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf4e8199414c1fa0 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:71
        return self.build_template_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285637e22b13f5c8 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:181
        meson_build_file.write_text(src)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85cec32eb67ac4ca Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_src_pyf.py:215
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61484d00d467950b Filesystem access.
pkgs/python/[email protected]/numpy/f2py/auxfuncs.py:920
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a22db5cd5ee5635 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/capi_maps.py:158
        with open(f2cmap_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a7c35f1b3abffed Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:316
        with open(filename, 'rb') as fhandle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27555b92d75bd6ee Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:327
    return open(filename, mode, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e06c9c6440b96b35 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3703
                open(l).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #522651288d5121b8 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3722
        with open(pyffilename, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9c36c78de91e6ef Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:295
                with open(l):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e286acfac617e54 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:362
            with open(options['signsfile'], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #174de95a6dede356 Environment-variable access.
pkgs/python/[email protected]/numpy/f2py/rules.py:160
generationtime = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #056cdc60e95871c6 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1424
    with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb36e204b73deb56 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1431
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88b604f846e4f432 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1440
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8407d5303ae9a72 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1454
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a40822078840eef3 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1479
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e6ac2aa9a13c4e Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:966
        with open(os.fspath(filename), mode + 'b') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f98d1e38033656e Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:971
        with open(os.fspath(filename), 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81346cbc684745fd Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:454
            fid = stack.enter_context(open(os.fspath(file), "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c47fb0fe571848 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:568
        file_ctx = open(file, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9cd81b331b913cd Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:1552
        open(fname, 'wt').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a666dc3353c4ba67 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:308
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b45e7603942c9619 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:318
    with open(outfilename, 'w') as writefo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af1cf20c5af4b667 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/fortran.py:116
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d15f535f860e233 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:230
    with open(wrapped_routines_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d29cb7346817b62b Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:250
        with open(filename, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e243de00e51cfb4 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:256
    with open(output_file, 'w') as output_fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0be84ad08f506bf2 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:258
            with open(r.filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #998e5acd9bf0f79b Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:275
    with open(c_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ce803ddfce574c3 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:278
    with open(c_file, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #360ed963fd50db07 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:301
        with open(fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12cc38aef4729994 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:309
    with open('f2c.h') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345df987730bc7e5 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:315
    with open(os.path.join(output_dir, 'lapack_lite_names.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fb49cef79cab9fa Filesystem access.
pkgs/python/[email protected]/numpy/ma/mrecords.py:649
        f = open(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #337cdcfbb2d60621 Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:12
    with open(os.path.join(inc_dir, 'random', 'bitgen.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fdc406f76ea314e Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:21
    with open(os.path.join(inc_dir, 'random', 'distributions.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbb7588a9a7630d9 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:210
    with open(cfile.parent / "meson.build", "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd9084ec385abbbb Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:224
    with open(native_file_name, "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e35e3fab29fbfcb6 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:73
                np_dist.read_text('direct_url.json') or '{}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85ba32ffba94628e Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:174
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39679aa523348652 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:203
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1e6efaf31d1e8a0 Environment-variable access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2700
    env_value = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #371f40bc9dc8b89f Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2752
        with open('/proc/meminfo') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #affa641efaaffa78 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:57
        with open(self.path, "r") as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2b04cf7438ccbc95 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:66
        with open(self.path, 'r') as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #20d9731e10169af7 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:96
            with open(os.path.join(root, self.clean_path(path)), "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #22cc36be276f6405 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:97
                source.write_text(fd)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9af9332a3b668266 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:101
            with open(
                os.path.join(root, self.clean_path(path) + ".html"), "w"
            ) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c535f315752fe671 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:106
        with open(os.path.join(root, 'index.html'), 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a65ee0fb09a21b2 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:165
        with open(log_file, 'r') as log_fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #174fc0889ce344af Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:176
        files.write_text(args.directory)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #05c40ca0eaa4543d Filesystem access.
pkgs/python/[email protected]/tools/check_installed_files.py:113
    with open(os.path.join('build', 'meson-info',
                           'intro-install_plan.json'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7bc576c60f9421de Filesystem access.
pkgs/python/[email protected]/tools/check_openblas_version.py:48
        with open(reqfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #13b6a0a319edc347 Filesystem access.
pkgs/python/[email protected]/tools/check_python_h_first.py:77
    with open(name_to_check) as in_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f1a7d4b4f3d4e3e6 Filesystem access.
pkgs/python/[email protected]/tools/download-wheels.py:95
        with open(wheel_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d07c2f4a2332e9fd Filesystem access.
pkgs/python/[email protected]/tools/functions_missing_types.py:103
        with open(module_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #efc95b545305b547 Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:12
    with open(gitmodule_file) as gitmodules:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ca539e335d419e53 Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:19
    with open(
            os.path.join(root_directory, ".gitattributes"), "r"
    ) as attr_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fbf6cf801776bc4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:21
        data = json.loads(path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f27c6c4d84e16c4e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:83
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e398dde9fea5796c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:100
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #152a4617d62c0c57 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:140
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #48d34241675e29d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/extensions/refman_links.py:128
        raw = Path(self._data_file).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dc0ac8f0159b4d99 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/genrelnotes.py:71
            snippet = snippetfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aa89498d59599ab0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/jsonvalidator.py:146
    root_tmp = json.loads(args.doc_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b060bd005e8ade2a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorjson.py:115
        self.out.write_text(json.dumps(data), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5dd9424d7ededf04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorman.py:65
        self.path.write_text(self.text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f5153c6380c59137 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:115
        out_file.write_text(data, encoding='ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #72552a871c683833 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:128
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b99be97b9e8fe5d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:357
        raw = self.sitemap_in.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3fde882d82b6e385 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:368
        self.sitemap_out.write_text(out, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #538ca65f58d3b1d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:390
        self.link_def_out.write_text(json.dumps(data, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #87780883a9c2bcb4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:30
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5eafd4e033af5038 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:37
        out_file.write_text(result, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3440cf902299e31f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderbase.py:194
        return f.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dfef1bb0527d89c0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderpickle.py:16
        res = pickle.loads(self.in_file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2d90e4098afd6611 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/main.py:76
        args.depfile.write_text(out_text, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cc3e33ee59dacb90 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/validatelinks.py:24
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c815571be03467b6 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:14
    response = urllib.request.urlopen(sdl_url, timeout=600.0)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0c0681a65da4d88e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:16
    open(sdl_filename, 'wb').write(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ecd085646d72af3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:441
            return open(outfileabs_tmp, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6410f127f833bc17 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:606
            with open(rsp_file, 'w', encoding='utf-8', newline='\n') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3b0521d82f8f869 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:710
        with open(exe_data, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b55e24522c54b52b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:717
        with open(test_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3945386e568338f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:720
        with open(benchmark_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e171777972df77a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:882
        with open(pch_file_tmp, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef09c7f467486f9b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1287
        with open(ifilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdbf5c8c2ea96ec3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1318
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #251bcd2b6fab22be Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1636
        with open(install_data_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d68c3292f4ed980 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:533
                return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3468e1035c0d01d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:538
            return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b4e92d5533d607 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:542
        with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a2b3295b20ed34 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:575
                    with open(tempfilename, 'ab') as binfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b0ac7df39d4cf2c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:577
                    return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c8cdc2e8de46102 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:619
        with open(tempfilename, 'w', encoding='utf-8') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83e6e0b803dedd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:701
        with open(os.path.join(self.environment.get_build_dir(), 'rust-project.json'),
                  'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a272b693cc92f2ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:733
            with open(os.path.join(builddir, 'compile_commands.json'), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e80e41fbb01c3c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1149
            with open(pickle_abs, 'rb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ace9f9c10d5a930c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1154
            with open(pickle_abs, 'wb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a1c8c0da4b78c20 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1479
        with open(manifest_fullpath, 'w', encoding='utf-8') as manifest:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d61853325698323 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:2848
            with open(filename, encoding='ascii', errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0b825ac51c0115a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:3807
        with open(d_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffeea31cd3c0a0e4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:36
    vs_version = os.getenv('VisualStudioVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #396f2271220f8a12 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:37
    vs_install_dir = os.getenv('VSINSTALLDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b1363ccb8aaecc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:296
        with open(Vs2010Backend.get_regen_stampfile(build_dir), 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56e7711623cc1957 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:300
        has_arch_values = 'VSCMD_ARG_TGT_ARCH' in os.environ and 'VSCMD_ARG_HOST_ARCH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d066ccc54ec07432 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:303
        if 'VCINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037593bd85fff701 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:304
            vs_version = os.environ['VisualStudioVersion'] \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ecfb1712b48c178 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:305
                if 'VisualStudioVersion' in os.environ else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83de19200d0237d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:307
            script_path = os.environ['VCINSTALLDIR'] + relative_path + 'vcvarsall.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e04906476979711 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:310
                    target_arch = os.environ['VSCMD_ARG_TGT_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97387ba0343c4662 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:311
                    host_arch = os.environ['VSCMD_ARG_HOST_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978252fd6a2dec3d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:313
                    target_arch = os.environ.get('Platform', 'x86')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66b9efeaf127bce6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:319
        if 'VS150COMNTOOLS' in os.environ and has_arch_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56844b3586b86b42 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:320
            script_path = os.environ['VS150COMNTOOLS'] + 'VsDevCmd.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cade94ada675467 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:323
                    (script_path, os.environ['VSCMD_ARG_TGT_ARCH'], os.environ['VSCMD_ARG_HOST_ARCH'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3e23d3173eff77 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:425
        with open(sln_filename_tmp, 'w', encoding='utf-8-sig') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f2c5b6c708cc136 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:1001
        with open(ofname_tmp, 'w', encoding='utf-8') as of:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f99b18d57ace33e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:2092
            with open(rulefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e64152113a9cfa3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2017backend.py:45
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #219a01a9d3a5281d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2019backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cc2e25a1bb15d3e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2022backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c8d68350692b15f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/xcodebackend.py:274
        with open(tmpname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8addae19effc6878 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/build.py:3360
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30c38b60da4db846 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cargo/toml.py:36
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cf1bec4733d1f3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/executor.py:214
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4632e6f25674a1c1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:51
        query_file.write_text(json.dumps(query, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c568fd6c1337d18 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:75
        debug_json.write_text(json.dumps(index, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28d59566a2caaec7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:320
        data = json.loads(real_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84fc0809e233253c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/interpreter.py:865
            os_env = environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e27dda438a076446 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:61
        self.toolchain_file.write_text(self.generate(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74683e30bbbbe65a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:62
        self.cmcache_file.write_text(self.generate_cache(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #927d8534eae227f0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:228
        cmake_file.write_text(cmake_content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6c7675fdaf55e96 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:232
        temp_toolchain_file.write_text(CMakeToolchain._print_vars(self.variables), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1961668e6515078 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/traceparser.py:170
            trace = self.trace_file_path.read_text(errors='ignore', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #655222ca10cac3ca Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:830
                with open(srcname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bedbee404b039dce Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:861
            os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e28bc7e714cad6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cs.py:90
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda0849b6172cc97 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cuda.py:535
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0a98d1dc1cfe0f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/d.py:444
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13be8cbae081a763 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:295
            if 'WATCOM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aa3b9142c8c39a2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:299
                watcom_cls = [sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d50bfa948b20432 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:300
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl.exe')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61765e406a5f34a7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:301
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e24d6905cbdacb9b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:302
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl.exe'))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be4a755dda7c6320 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:1321
            default_path = os.path.join(os.environ['ProgramFiles'], 'NASM')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db4b81fdb693522 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/java.py:79
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #565e94590e059f6b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:219
                    with open(file_to_check, 'rb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d3b881f54bb1293 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:295
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12976e2b2afdd232 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:914
            with open(p.output_name, 'rb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012866305dcb362e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:1197
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83242cca16afbc04 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:43
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a14e0cb5c1474e5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:54
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67500c4916401c19 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:66
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #406efe11e9c73785 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/gnu.py:323
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fee728ec89a4145 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:354
        if 'INCLUDE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #634658132aa5e86c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:356
        return os.environ['INCLUDE'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3274bb29152bc734 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/rust.py:115
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #705ef470b99a10b6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/swift.py:190
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe37b8bc1016bc96 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:316
                    with open(f, encoding='utf-8') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58a42162c105d6f8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:317
                        with open(fcopy, 'w', encoding='utf-8') as wf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba3eea3b0d6f4508 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:327
                    os.environ.get('XDG_DATA_HOME', os.path.expanduser('~/.local/share')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0160c938fbf7fc71 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:328
                ] + os.environ.get('XDG_DATA_DIRS', '/usr/local/share:/usr/share').split(':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27e068cec5338be3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:650
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #283c48c21e6b2d82 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:664
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626ca73c28238bf8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:695
    with open(tempfilename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #333e447c117fbf71 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:750
        deploy_target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', macos_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a1ce251b6ea634b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:761
        deploy_target = os.environ.get('IPHONEOS_DEPLOYMENT_TARGET', ios_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22b3d4c98f972e39 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:899
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #544d758b84e5d5d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/boost.py:764
        raw = hfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #855fbecaedb40e51 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:302
        for i in os.environ.get('PATH', '').split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #957df36c1d8b9cb6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:333
        env_path = os.environ.get(f'{name}_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6ea90630df60324 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:584
        cmake_txt = importlib.resources.read_text('mesonbuild.dependencies.data', cmake_file, encoding = 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #400c54885032c84b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:604
        cm_file.write_text(cmake_txt, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02e3b7a54bc86835 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:169
        env_vars = [var for var in env_vars if var in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e06c3fc427b90ea5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:170
        user_defaults = {os.environ[var] for var in env_vars}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7b2ceca2e523389 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:176
        return ([(os.environ[self.env_var], True)] if self.env_var else []) \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f1c815c4d7c4a9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:180
        env_vars = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e1c42104f3ee00f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:181
        return [(os.environ[var], False) for var in env_vars if var.startswith('CUDA_PATH_')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab24087a00da0f9e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:217
            raw = i.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5df6463387a23e49 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:235
            with open(version_file_path, encoding='utf-8') as version_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f527d3ffe20295c1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/dev.py:782
        vsdir = os.environ.get('VSInstallDir')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3088e3abf3a6f1ad Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:112
            os.environ[f'HDF5_{cenv}'] = join_args(compiler.get_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089b0781e81e4840 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:113
            os.environ[f'HDF5_{lenv}LINKER'] = join_args(compiler.get_linker_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0739a8ae1e5ece12 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:116
            del os.environ[f'HDF5_{cenv}']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5287541b8f98ad4c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:117
            del os.environ[f'HDF5_{lenv}LINKER']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f07d55aecd5b68b9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:56
        tool_names = [os.environ.get(env_name) for env_name in env_vars]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2641500a1674b907 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:228
        incdir = os.environ.get('MSMPI_INC')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72108f94de94565b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:232
            libdir = os.environ.get('MSMPI_LIB32')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eedb2ec2719d90d0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:235
            libdir = os.environ.get('MSMPI_LIB64')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0a3da1dad3f366d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:154
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a36f95a4156c63f4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:169
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a1eb9437067b9c9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:290
        env = env or os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2df26307da488746 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:543
        with open(la_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #747e1d4a6e3b118c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:129
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f921793c0f843876 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:427
                old_pkg_libdir = os.environ.pop('PKG_CONFIG_LIBDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e069e0edbb92576d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:428
                old_pkg_path = os.environ.pop('PKG_CONFIG_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e075381c0a59ea17 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:429
                os.environ['PKG_CONFIG_LIBDIR'] = pkg_libdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aeb99301d232e71 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:435
                            os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86c0ec0fb9e81412 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:436
                        elif name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #055973f5ea82461a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:437
                            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5f550b705de59db Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/scalapack.py:59
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2458bc9248a2174b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:117
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f16496a88394783 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:190
        self.vulkan_sdk = os.environ.get('VULKAN_SDK', os.environ.get('VK_SDK_PATH'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dda4eace365ae173 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:84
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e085918dded6ac4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:183
    env_ninja = os.environ.get('NINJA', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50b0fbc69c1a369c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:268
    if 'SCANBUILD' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ffddbbe16783624 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:269
        exelist = split_args(os.environ['SCANBUILD'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0b455ac7f6156c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:541
    return os.environ.get('MSYSTEM_CARCH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d89ec9ab580f66cb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:395
        if 'MESON_UNIT_TEST' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ca9639510a33d6d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:397
        if 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f32fc2de6791993b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:991
                with open(meson_filename, "w", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11ef5d50bd1c5b84 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:1249
                ver_data = Path(ifname).read_text(encoding='utf-8').split('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1c4a4f7aaddb96d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2756
                with open(dst_tmp, 'w', encoding=file_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a50b65bc82a514f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2763
                with open(depfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d07883487224ddf3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreterobjects.py:243
        child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab3376148c100f9e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:105
            with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df0699a3fa9fcf1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:154
                    with open(parent / 'meson.build', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e878dd7c40c9a00 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:701
            with open(option_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4890ff008434fcb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/machinefile.py:40
                with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd66a9d124835020 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mcompile.py:253
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2759cade15ecc11a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:94
                    with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caac07eca5834ffd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:109
                        with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e0a26ba4fb329b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:71
    env = {} if dump_fmt else os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12a93648e2b23a01 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:140
            gdbinit_path.write_text(gdbinit_line, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19ab52429c8c297e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:178
            with open(options.dump, "w", encoding='utf-8') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4325bc5590d3f51 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:196
        shell_env = os.environ.get("SHELL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1706e32c4107590 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:209
                args = [os.environ.get("COMSPEC", r"C:\WINDOWS\system32\cmd.exe")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcbd6e5e5b292ad2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:212
            args = [os.environ.get("SHELL", os.path.realpath("/bin/sh"))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec116ac21166e7f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:217
            if not os.environ.get("MESON_DISABLE_PS1_OVERRIDE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d65d0cdc27d3892 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:64
    m.update(open(fname, 'rb').read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ac26319ab65f7d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:65
    with open(hashname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4c3f3bb4794c87c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:92
            if 'GITLAB_CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7064e9bd26c8d604 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:257
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2b3e2a942ee532e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:290
            with lzma.open(xzname, 'wb') as xf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a62973042a7fd045 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:295
            with bz2.open(bz2name, 'wb') as bf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce5e01b1dfdff0a7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:300
            with gzip.open(gzname, 'wb') as zf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db87192bb6f5ae98 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:320
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a242b40d6f07db1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:20
            data = importlib.resources.read_text( # [ignore encoding] it's on the next lines, Mr. Lint
                    ('mesonbuild' / self.path.parent).as_posix().replace('/', '.'),
                    self.path.name,
                    encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db105b71df34d2c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:24
            path.write_text(data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8da2c6308e55a88 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:33
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab9146925a23fd83 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:43
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eed81e681cac05e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:257
    if os.environ.get('MESON_SHOW_DEPRECATIONS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #618c55bced092cd5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:264
    if sys.version_info >= (3, 10) and os.environ.get('MESON_RUNNING_IN_PROJECT_TESTS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f315729efe414fc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:282
    if sys.platform == 'cygwin' and os.environ.get('MSYSTEM', '') not in ['MSYS', '']:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a47f9ed68fad34c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:37
            self.read_string(f'[{self.default_section}]\n' + filename.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #014956eb3b414669 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:1081
                code = src_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50aca39759979838 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:545
            destdir = os.environ.get('DESTDIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8537c6360347227e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:551
            os.environ['DESTDIR'] = destdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb5f24c33a651710 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:581
                os.environ.get('MESON_ROOT_CMD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3686951e585b04c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:587
            if rootcmd is None and pkexec is not None and 'PKEXEC_UID' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #663760488f126ce8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:814
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60b322c58df1228c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:816
            if os.environ.get('SUDO_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f670ecbcef4661a6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:825
            elif os.environ.get('DOAS_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e05251c1e4641a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:879
    with open(os.path.join(log_dir, 'install-log.txt'), 'w', encoding='utf-8') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75e0fcdb7c4f4cc6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:521
    with open(get_info_file(infodir, kind), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e552b90bd83afc0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:590
        with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #719060309b8f1349 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:660
    with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fe1126ee9994077 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:50
    return bool(kernel.SetConsoleMode(stdout, mode.value | 0x4) or os.environ.get('ANSICON'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1208fb8524c7772c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:52
_in_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3861b775ea043941 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:53
_ci_is_github = 'GITHUB_ACTIONS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08605296eb03f5fe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:120
        if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b31ad0fdcad935 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:121
            pager_cmd = shlex.split(os.environ['PAGER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02b4f3cc285ee4a9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:140
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fac7c0ff131a41d5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:150
            if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d3d07a64bd6c2e5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:166
        self.log_file = open(os.path.join(logdir, self._LOG_FNAME), 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5706e1a49c1063ca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:394
                _colorize_console = os.isatty(output.fileno()) and os.environ.get('TERM', 'dumb') != 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec8b25b9474b1522 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:570
    elif 'MESON_FORCE_SHOW_LOGS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2fe74eb0d7d397f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:577
    with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67ae5f1b6466d658 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/_qt.py:804
        with open(fileout_abs, 'w', encoding='utf-8') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc17e0047c56372e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:341
            with open(infile, encoding='utf-8') as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd67f167a5195c9d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:355
        with open(outfile_tmp, "w", encoding='utf-8') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf9b7c5188b5ce4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:58
            with open(config_path, encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97c963c95d2d6962 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:87
        with open(config_path, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e62a11c001d8a7a7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:142
        self.run_env: EnvironOrDict = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9004900dedcb9566 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:207
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b8e2deb3c294102 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/features/module.py:683
        with open(config_path, "w", encoding='utf-8') as cout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e17dd7c223a594c0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:169
        with open(file, mode='rb', buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b597a9cfdb450ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:268
            with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6281b1f935dfe5b5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:953
        with open(gir_filelist_filename, 'w', encoding='utf-8') as gir_filelist:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #329c8b3bd9f7c5d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:2209
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ffe2737e7a378b1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/hotdoc.py:321
        with open(hotdoc_config_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc4a615185339e04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/i18n.py:235
        rsp_file.write_text(source_list, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #864df98d04115ce6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/keyval.py:31
            with open(path_to_config, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0a0f5f607f59475 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/pkgconfig.py:527
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9aff24221bd5f46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:401
        with open(pycompile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a513510c2bed13e1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:403
                f.write(importlib.resources.files('mesonbuild.scripts').joinpath('pycompile.py').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e183ea0e48abb951 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:415
                with open(os.path.join(self.interpreter.environment.get_scratch_dir(), manifest), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de1c9d7b236d29e6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mparser.py:111
        self.in_unit_test = 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #945c5a7fd944afa5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:150
        with open(os.path.join(build_dir, '.gitignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a34fa8433e5e119a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:152
        with open(os.path.join(build_dir, '.hgignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb20ba9f156dbc9b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:322
                with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9c4cb255881d7bf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:521
        self.file = open(filename, 'w', encoding='utf-8', errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2eb876b4480ba5e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:755
        inherit_env = env_tuple_to_str(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6b561a81ccbfb28 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:948
        with open(self.filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b42494bc07ac91b2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1048
        test_only_env = set(self.env.items()) - set(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c7ac901a8664feb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1110
            with open(filename, 'r', encoding='utf8', errors='replace') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed1063c11a39673a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1783
        return current.env.get_env(os.environ.copy())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9919e56345523aa9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1791
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69fdafa3c90da3d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2226
        with open(targets_file, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60da8b68f7ba91ec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2308
            if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6580ead5c8dee0d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/optinterpreter.py:83
            with open(option_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0096fe39049854e6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:149
        if 'USERPROFILE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaede70fcdabf876 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:160
        appstore_dir = Path(os.environ['USERPROFILE']) / 'AppData' / 'Local' / 'Microsoft' / 'WindowsApps'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a9197a0ebed7c9f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:192
            with open(script, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #635106ab7376c24f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:296
        search_dirs = OrderedSet(self._windows_sanitize_path(os.environ.get('PATH', '')).split(';'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c15471f1cf9c57d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:318
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbe52d8b9633d1d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1024
                with open(fpath, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c7d3a789ac16425 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1026
            with open(fpath, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2f9a245dc822248 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1077
            with open(val['path'], 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #077cf1c39851410e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1131
        with open(options.json, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e8348c7f935833e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/clangformat.py:26
            original = fname.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #be04dd27c50c6345 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/cleantrees.py:28
    with open(args[0], 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #085bc9bbe5a93446 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:103
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_bat:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7aebd9144f731c98 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:107
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_sh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a2932576cbdd9780 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:105
    with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b7c5c04fa5d166dc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:119
    with open(jsonfile, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6ff9c92fc872b005 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:125
        with open(dep, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #956d39ed7fee6ca1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:133
            self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c0fa508c0be48c39 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:138
                self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #687dd535ab20663c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:444
    with open('META-INF/MANIFEST.MF', 'r+', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d81390aef96e1ffe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:72
        with open(pickle_file, 'rb') as pf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3791d224d0e249c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:90
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #98a366eef3f211fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:134
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d7a349cdf638f938 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:199
        with open(self.outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7b3c937e986d703a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:95
    cppflags = shlex.split(os.environ.get('CPPFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #50a8f37cd2086b3b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:96
    cflags = shlex.split(os.environ.get('CFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #16a0b40173709063 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:97
    cxxflags = shlex.split(os.environ.get('CXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1a9b28547670ee6a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:98
    objcflags = shlex.split(os.environ.get('OBJCFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8dbe8b0d02c7d811 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:99
    objcxxflags = shlex.split(os.environ.get('OBJCXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #131a937279910f68 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:100
    ldflags = shlex.split(os.environ.get('LDFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #545b6cfb4dc13ced Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:273
    with open(tmpfilename, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a4da7dddf391a761 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:324
        compile_args = shlex.split(os.environ.get(compilers.CFLAGS_MAPPING[langname] + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #76a6fc3b7b2d3d49 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:326
        cppflags = tuple(shlex.split(os.environ.get('CPPFLAGS' + envvar_suffix, '')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #70ddefb73b60ea70 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:332
        lang_link_args += shlex.split(os.environ.get('LDFLAGS' + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d68b4f045141c07a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:339
        compilerstr = os.environ.get(envvarname + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #572cfc38d9c02359 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:357
        binstr = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b3288ef69a0bcfe3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:362
    var = os.environ.get('PKG_CONFIG_LIBDIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #788ff41220f02549 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:365
    var = os.environ.get('PKG_CONFIG_SYSROOT_DIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ace62fc5463e9831 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:27
        with open(self.depfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a573d14c9ddc8fe4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:38
        with open(self.stampfile, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #505366c15c2f0333 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:73
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ac2e9a9f5cb4d810 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:78
        run_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a773da970d90b364 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:30
        with open(linguas, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d045bf493da582f3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:48
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e69297d8a897fbdd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:52
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2d6a7b40df4e945b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:270
    if 'MESON_INSTALL_PREFIX' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #50de9ce8414a409c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:271
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #309e4a4dd3ee24bc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:272
        install_prefix = destdir_join(destdir, os.environ['MESON_INSTALL_PREFIX'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ffc9edea317e25f0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:23
    subenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #23cd3c4a85f1812b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:35
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cf23314dc46db705 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/itstool.py:64
    build_dir = os.environ.get('MESON_BUILD_ROOT', os.getcwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bc21fc6e44e97e00 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:31
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #602b9d55e99fd8e1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:49
        stdin = open(exe.feed, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11325dd33eaec5bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:84
            with open(exe.capture, 'rb') as cur:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a0a5b71df7f25013 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:89
            with open(exe.capture, 'wb') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #19e93e4ee885033f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:106
        with open(options.unpickle, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4486a4222453333e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/msgfmthelper.py:25
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c81777d91fb0ee42 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:12
quiet = int(os.environ.get('MESON_INSTALL_QUIET', 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9ad404f1af18b879 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:22
        fullpath = absf = os.environ['MESON_INSTALL_DESTDIR_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #82c9ed57d2decc9a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:23
        f = os.environ['MESON_INSTALL_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #79b930ad83da77b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:41
    with open(data_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #727aca768400b204 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:41
    with open(dumpfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #901ab943e0a1054a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:44
    with open(coredata_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f926f7aefdf34b02 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/reprotest.py:61
        os.environ['CCACHE_DISABLE'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aca19ed80a3f4b86 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:136
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #33b36a7aca84c8b5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:156
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #099146d31a549fec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:31
    with open(outfilename, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2bbf6f0b44dc3d54 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:36
        with open(outfilename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #45aa2624d6665832 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:42
    with open(outfilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #010ec8a3fd898833 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:53
    with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b171f5b77e6dd250 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:58
    if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #43df752c6629fbbf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:60
        return shlex.split(os.environ[evar])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fc9395d797aa51f9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:118
    origpath = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8c6b774b3d75f8da Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:120
        os.environ['PATH'] = '/usr/gnu/bin:' + origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2a9c3f94717f4f7d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:123
        os.environ['PATH'] = origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #73a62ef019140c6e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:228
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #31230021192b187a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:307
            with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b7b8caab485bf1d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/uninstall.py:14
    for line in open(log, encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #276e881ad81cb637 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:16
    with open(infile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9a9dc5e9cfb3177c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:19
        with open(outfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #be4fa9330bd8b480 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:24
        with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b13234b1e526f63 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/yasm.py:21
    with open(options.depfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e0232b2b5d9f555 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:87
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c8d37eb5a7812b5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:91
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e047dd031ed5924 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:120
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76edb5c8533f1be9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:123
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6fd57f8160b8d14 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:126
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23d6bb95c356c388 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:141
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f1e4673017de9d1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:144
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea7ea2e9e09169f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:182
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a0120384b85aa74 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:185
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b53db1f365e8f430 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:188
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c5477e97c6d6dbc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:213
            with open(kwargs['header_file'], 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb569d2e32f18132 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/posix.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #418171d2e757e330 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:241
    if 'MESON_COMMAND_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f9ef145a44eb987 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:743
    arch = os.environ.get('PROCESSOR_ARCHITEW6432', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11d421b3ae25d5d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:747
            arch = os.environ['PROCESSOR_ARCHITECTURE'].lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd104ad7ddc34839 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:827
    vsver = os.environ.get('VSCMD_VER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d231ee6a465cc1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1115
        if varname in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cdb1f197b4d6825 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1117
                num_workers = int(os.environ[varname])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d167561c5ee5b3f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1529
        with open(src, encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba013f8dcc144333 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1537
        with open(dst_tmp, 'w', encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8858f50cd7b822d1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1598
    with open(ofilename_tmp, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67bed1a3c0504e45 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1613
        with open(dst, 'rb') as f1, open(dst_tmp, 'rb') as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49d180b0300dae64 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1701
            with open(args_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e935c284361d498c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2414
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c09d36283660284 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2475
    return int(os.environ.get('MESON_RSP_THRESHOLD', limit))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f507859e062b4389 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:35
    if os.environ.get('OSTYPE') == 'cygwin':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f910b0f5c43598ad Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:37
    if 'MESON_FORCE_VSENV_FOR_UNITTEST' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b0875892e2ca1d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:40
        if 'VSINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a51f4aacf4e402d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:55
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e530a2892f5d8fb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:117
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd2fbd92ebb7cb23 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/win32.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf84030197308b4d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:170
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b2356f322dcc41 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:282
        with open(filename, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41b4916e9051aa89 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:341
            with open(self.get_hashfile(subproject_directory), 'w', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95044fd6c2223b4f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:372
        self.cachedir = os.environ.get('MESON_PACKAGE_CACHE_DIR') or os.path.join(self.subdir_root, 'packagecache')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c54e25932954ebb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:535
                with open(main_fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d506c8c3e4a23634 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:726
            with open(hashfile, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b5afcf6c1dca1dc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:857
        with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86a45d9781af240b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wraptool.py:103
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7736fd400e3a658e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:233
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c678473376edf17 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:236
        with open(self.main_xml) as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c217cb9a682613 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:239
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48fe163c3b90dcb4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createpkg.py:94
        with open(self.distribution_file, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f41affb5cab598 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:39
version_lines = pathlib.Path(relfile).read_text().split('\n')[:-1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b6e8d71e84b1216 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:56
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19f6c2e75518a1ab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:59
    pathlib.Path(relfile).write_text('\n'.join(version_lines) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad76c7aa6a409647 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:40
        data = json.loads(cf_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a23f74b34f75867 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:43
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ea060cb3b6b046 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_format_tests.py:19
    lines = file.read_bytes().split(b'\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #623539ace69970fe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:62
        self.orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #187db30416038cb9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:64
        os.environ['MESON_COMMAND_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50b66b3f8e397051 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:75
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c404d005a100f1a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:76
        os.environ.update(self.orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7e278b535db4af4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:133
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86eb28be95998cdd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:151
        os.environ['PYTHONPATH'] = os.path.join(str(pylibdir), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09e1fca4023f9c12 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:152
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59ac851c0f57bfa5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:163
            os.environ['PYTHONPATH'] = os.pathsep.join(PYTHONPATHS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e38ce2801be28ccb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:196
        wrapper.write_text('#!/bin/sh\n\nmeson.real "$@"', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #095ab12355bd080e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:219
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e784d069302aa5bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:221
        with open(script_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #debbd8c682cf6bc4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:275
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #732bde5356233c10 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:307
print_debug = 'MESON_PRINT_TEST_OUTPUT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37521eacad36296c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:308
under_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4439db0f677e87cf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:309
raw_ci_jobname = os.environ.get('MESON_CI_JOBNAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #610ddb2e0bafc908 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:817
            if skip_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3f5c55ad9ae83b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:828
        test_def = json.loads(test_def_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d56bacd851ce882f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1057
    sanity_file.write_text('fn main() {\n}\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #587d89ac26da9c7a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1103
    skip_cmake = ((os.environ.get('compiler') == 'msvc2015' and under_ci) or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef6db269fb0f1d4f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1130
        TestCategory('vala', 'vala', backend is not Backend.ninja or not shutil.which(os.environ.get('VALAC', 'valac'))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54aa572d9ab9128b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1168
    with open(txtname, 'w', encoding='utf-8', errors='ignore') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a7b95ef9d71998 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1683
    if 'VSCMD_VER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b164cba66931369 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1684
        print('VSCMD version', os.environ['VSCMD_VER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d85070de7e584227 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:50
    NINJA_1_12_OR_NEWER = bool(int(os.environ['NINJA_1_12_OR_NEWER']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c8e48351692940e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:51
    NINJA_CMD = [os.environ['NINJA']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c64091ef3d47d8e1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:61
    os.environ['NINJA_1_12_OR_NEWER'] = str(int(NINJA_1_12_OR_NEWER))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b26845dcae29b8d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:62
    os.environ['NINJA'] = NINJA_CMD[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d971ff82cb46aa5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:70
os.environ['PYTHONWARNDEFAULTENCODING'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1ccd096c22a730b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:72
os.environ['MESON_RUNNING_IN_PROJECT_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25fe7b445f962280 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:116
    if not os.environ.get('MKLROOT', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02e2a5f06b309eec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:118
    if (os.environ.get('CC') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71b061b43b26b9ef Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:119
            os.environ.get('CXX') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47e869c52aa39ec4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:120
            os.environ.get('FC') == 'ifort'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afda1b4d7c96da18 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:129
                 'Please try using the Intel shell.'.format(os.environ.get('MKLROOT')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b6db395e1f6446 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:171
if 'MESON_EXE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66b7ebb5851b70ab Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:172
    meson_exe = mesonlib.split_args(os.environ['MESON_EXE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d217392583baf30f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:231
            with open(f, encoding='utf-8') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0a739bffed61c27 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:299
    with mock.patch.dict(os.environ, env or {}), mock.patch.object(sys, 'stdout', stdout), mock.patch.object(sys, 'stderr', stderr):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7a50e215be566ce Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:350
    if not mesonlib.is_windows() and not mesonlib.is_haiku() and 'CI' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b97990ffeb9a6ad Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:364
    if 'APPVEYOR' in os.environ and os.environ['arch'] == 'x86':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fef4a82863d88950 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:365
        os.environ.pop('platform')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deae8c5fb44baa26 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:368
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90d393d136f09d3c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:69
    os.environ['MESON_UNIT_TEST_BACKEND'] = be

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56bf3cf2ea7ab566 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:113
        if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8d7ae7d03e719d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:13
    if is_pr_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c90b19ff65bd3a00 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:16
    elif os.environ[is_pr_env] == 'false':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c05a6169e5a78027 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:22
    if base_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efafff514afa287f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:25
    return os.environ[base_env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aadc0ce443303c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cmake/11 cmake_module_path/subprojects/cmMod/gen.py:1
with open('main.c', 'w') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65c0596819b01625 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:12
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2880e6877268b6e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:13
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #132a33b42138ca04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:15
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e64787fddb6e5d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:17
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45069ade19e9e992 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:8
with open(output, 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5acdafb01a1af638 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:11
        with open(i) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e97a569f1650a120 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen-resx.py:8
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94fcdd768a0587ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e2a7db5252fd7b5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1131c93884aac7ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/109 custom target capture/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b870e9d7edbce614 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/110 allgenerate/converter.py:8
open(ofile, 'w').write(open(ifile).read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9b3e738cea3157b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/123 custom target directory install/docgen.py:14
    with open(os.path.join(out, name + '.html'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9fb0f03235fcb2b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39f910c7b472b959 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f040ecfa1eae937d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/128 build by default targets in tests/write_file.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce9fa401edbe5ec1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:5
ifile = open(sys.argv[1])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47a14bcc833576d0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:6
ofile = open(sys.argv[2], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb8b3c002cc029f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_custom.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7833fe537380223 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:4
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dcddfbacb2cbbdf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:6
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67ca1f03156924ec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:12
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c93418e13e2930c9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:15
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cede7e6b15d77e82 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:8
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d1cf6a16ee32f52 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:10
if 'MESON_BUILD_ROOT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8972408daf66da39 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:13
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dee592364b36d28 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:16
buildroot = os.environ['MESON_BUILD_ROOT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2301da30486f449 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/file_contains.py:14
    with open(args.file[0], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #627fae917d83ae7d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70e3bd3695d87e65 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b6f32c1a183fe56 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e878462504c89e81 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18f8b0b855f9dc9f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #592a191680c6c7f3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #010e33563f91754a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #609e3c8084905db2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:13
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #003e062c41b02453 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/141 special characters/check_quoting.py:27
    with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a7519d77bb38727 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/144 link depends custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9040dc83cda6d1e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:30
    with open(args.header, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d6799e8c44e7d2f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:33
    with open(args.code, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4de3688e2dc2e0ea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ee5e65b43b94ba1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7949703ed69daf81 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #790df72a3c09fbc7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:15
funname = open(ifile).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eded30188507cba8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:17
open(ofile, 'w').write(templ % funname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4769c2af9c05a60 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:14
    with open(hname, 'w') as hfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a71e9ee7147b0465 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:20
    with open(cname, 'w') as cfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #538fa4d05d64409b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/178 bothlibraries/dummy.py:7
    Path(sys.argv[1]).write_text('Hello World\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f09a46de0642c86e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:6
with open(sys.argv[1]) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b5827967dbcad53 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:9
with open(os.path.join(sys.argv[3]), 'w', errors='replace') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba22d01328772a0d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:13
d = pathlib.Path(ifilename).read_text().split('\n')[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6a6e87f635158d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:15
pathlib.Path(ofilename).write_text(ftempl % d)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c13464634db35f4e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/186 test depends/gen.py:7
    with open(sys.argv[1], 'w') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ea9bbde44037b5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37f8dfeb3cdc8e57 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f32c03aab8bba776 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4823198888eee23a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/202 custom target build by default/docgen.py:11
    with open(os.path.join(out, name + '.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b2a0ecd618db864 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/208 link custom/custom_stlib.py:73
    c_file.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8081ccd8433c8f46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/209 link custom_i single from multiple/generate_conflicting_stlibs.py:70
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8249398fdffc8135 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/210 link custom_i multiple from multiple/generate_stlibs.py:72
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aebd9a72dea2b024 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/check_object.py:16
    with open(sys.argv[2], 'wb') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11da117eb5667534 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/libdir/gen.py:3
with open(sys.argv[1], 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48b4b197ba6c3889 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/22 object extraction/check-obj.py:12
    with open('compile_commands.json') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #596b78478f1168b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/check_arch.py:12
with open(dummy_output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8571083b00c61cf2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fc95d60c926b424 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:7
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a45b15b42de59a1f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/227 very long command line/codegen.py:6
Path(sys.argv[2]).write_text(
    'int func{n}(void) {{ return {n}; }}'.format(n=sys.argv[1]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81344fdee1c0a322 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:2
with open('x.c', 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a1f7a1af69af515 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:4
with open('y', 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #548dfeb60039a08a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/242 custom target feed/my_compiler.py:13
    with open(sys.argv[1], 'w+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #556d423d3bfc5539 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:5
assert(Path(sys.argv[1]).read_text() == 'stage1\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e02fab94366066e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:6
Path(sys.argv[2]).write_text('stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be648bdd893f0d00 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:5
assert(Path(sys.argv[1]).read_text() == 'stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5da822588ccbb534 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:6
Path(sys.argv[2]).write_text('int main(void){}\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11b78392ae592e7d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/269 configure file output format/compare.py:3
with open(sys.argv[1], 'r', encoding='utf-8') as f, open(sys.argv[2], 'r', encoding='utf-8') as g:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f57c4858960e8a9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:5
ENV_VAR_VALUE = os.environ.get('ENV_VAR_VALUE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db29ece7e2324633 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:8
with open(sys.argv[1], 'r') as infile, \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d8a4cb2bd4f8100 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:9
     open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793699c02bea684e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/274 customtarget exe for test/generate.py:12
    with open(a, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f42c4d1540ad4d6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:9
if os.environ.get(key) == expected:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63ab611821a14e85 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:12
sys.exit(f'Expected {expected!r}, was {os.environ.get(key)!r}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #996ce04105406530 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/33 run program/check-env.py:5
assert os.environ['MY_PATH'] == os.pathsep.join(['0', '1', '2'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #572b10f6d38a883b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:6
assert os.environ['MESONTESTING'] == 'picklerror'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19a2b274d0b9357d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:7
assert os.environ['TEST_LIST_FLATTENING'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67d88911af4bb606 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acf70269b24308e8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:12
with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20c7e341a169bc8f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:14
with open(depfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17779bcc9dcc7321 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:11
    assert os.environ['MY_COMPILER_ENV'] == 'value'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bcba9cac683fe7c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:16
    with open(args[1].split('=')[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b089ce3db0f208b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:21
    with open(args[2].split('=')[1], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73fb2456d6a183fd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a26fbd758df10ed9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c968138dc1024fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f48b0a0a23f5c525 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ff22420d950f5f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:5
with open(sys.argv[1], 'rb') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0608f215b41693c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:6
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd47dbc3059ba6e1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:6
assert 'MESON_SOURCE_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb870c3c3ce99ce6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:7
assert 'MESON_BUILD_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d830b92d1bfbf2bc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:8
assert 'MESON_SUBDIR' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c14995e2c94fe2a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:9
assert 'MESONINTROSPECT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43a939aadf0cf2b3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:10
assert 'MY_ENV' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2da434ec6af8356 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:15
env_source_root = Path(os.environ['MESON_SOURCE_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0cbc7bb7bc36ee1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:16
env_build_root = Path(os.environ['MESON_BUILD_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #627fe3385553cef6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:17
env_current_source_dir = Path(env_source_root, os.environ['MESON_SUBDIR']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32e072aa3034bf7b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/converter.py:5
with open(sys.argv[1], 'rb') as ifile, open(sys.argv[2], 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe625d60b84a2b9a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/fakeburner.py:9
    with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0765c1e9e001d5bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:12
    with open(os.path.join(args.dirname, '1.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7b3f0bb7e6bc862 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:14
    with open(os.path.join(args.dirname, '2.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce06fdbd00c8e96e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:7
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6f0295588bd8511 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:8
dry_run = bool(os.environ.get('MESON_INSTALL_DRY_RUN'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49cccea6081a852e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:30
                with open(os.path.join(dirname, name), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc4d5572e57e0a0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc5dd32ac787337b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:13
with open(os.path.join(dirname, sys.argv[2] + '.in'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fbe1481f3679c55 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:10
with open(os.path.join(odir, 'mylib.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6d11043d91129ef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:12
with open(os.path.join(odir, 'mylib.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a4273fffb4092a1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daf25c480bd2ffef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33d1a0d439ddce41 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59df29682bc7b934 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:16
with open(outhdr, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #068a604a6fcb30ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:18
with open(outsrc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89206696a418ddca Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:13
    with open(infile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b643c1f69d9506 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:16
        with open(outfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f721c8e45b29d10 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:22
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #621d29a3a9274e37 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:5
with open(sys.argv[1]) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c6f15b3cbfa6f37 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:8
with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0017288f88b2bc96 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c28f82173a71aac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75b493ed7d301925 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen2.py:9
with open(files[0]) as ifile, open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #128575e00796432d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/8 install/gendir.py:8
open(fname, 'w').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a23c0b29d6414f92 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:29
with open(cfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #333098b212b1c8db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:31
with open(hfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f3e87a2dcad3806 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/88 dep fallback/subprojects/boblib/genbob.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f891987315cddf2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:21
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e19c061b43cc120f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:26
with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04f625588223c5e1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:17
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0568e9b85d7b99b8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:22
with open(output_c, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97b19a92d449eea1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:31
with open(output_h, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43fce05b06fc90e0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen3.py:12
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93de0733042b0765 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/92 test workdir/subdir/checker.py:5
data = open(sys.argv[1], 'rb').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #435ca7143e48bb91 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:10
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deb6e6be8f6051f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:43
with open(outc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58181c3027bad174 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:50
with open(outh, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4edf448908caf50f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:57
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1febef3b4a4eed6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:68
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40f584aa400476c4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:10
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97499c7d67ab7299 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:11
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f4618c4aa04a52a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:13
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #824152a5f259a870 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:15
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffab8d888a7ef278 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfa33ce05483e3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/generator.py:11
with open(args.input) as i, open(args.output, 'w') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51e98668249c0739 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/libdir/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9dfcb72b7fc596 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:6
with open(out, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf997f83c5b4064f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:8
        with open(infile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14170c543bb0a719 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2144dd32c2ffb2db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:13
with open(os.path.join(odir, name + '.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f31ac58f7c06ddeb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:15
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10da18c6b63882f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:11
with open(outf, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0e9bf1581543738 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:12
    with open(inf, 'rb') as i:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e850cac2ba3ebf5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:16
    with open(args.actual, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9064a6e7b2784d12 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:18
    with open(args.expected, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76d78ca0268744f8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:36
    with open(args.input, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f2dfc6b5ba00ddb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:41
    with open(args.output, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8253268747637bc5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/10 gtk-doc/include/generate-enums-docbook.py:52
        with open(sys.argv[1], 'w') as doc_out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ea282e44de3602 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/4 qt/subfolder/generator.py:5
    with open(sys.argv[1], "w") as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8a3d6c34840d860 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/6 gettext/data3/verify.py:12
with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dea4d554f6ea985 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/osx/2 library versions/require_pkgconfig.py:6
if 'CI' in os.environ or shutil.which('pkg-config'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4fe4a6bd43298f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python/4 custom target depends extmodule/blaster.py:25
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c9a05a01e1052fb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python3/4 custom target depends extmodule/blaster.py:26
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d9d520c79cdedd6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/11 generated main/gen.py:12
    with open(args.out, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e557455da9b665 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/19 structured sources/gen.py:12
    with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5a12a2ff1d09503 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/2 testsetups/envcheck.py:5
assert 'PATH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38b8c83003521024 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0faabf3a4b70ed4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:16
with open(os.path.join(dirname, sys.argv[2]), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edf10dbae5f3e9bb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:10
source_root = pathlib.Path(os.environ['MESON_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d1c246cb5cdc4e4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:14
contents = modfile.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fe5095ff039a6fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:16
modfile.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6968d082854f587d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:11
source_root = pathlib.Path(os.environ['MESON_PROJECT_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02e5d26c0ba9f297 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:12
mesonrewrite = shlex.split(os.environ['MESONREWRITE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f015e16488a9d87d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/45 native dep pkgconfig var/cross_pkgconfig.py:7
environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f691f7250d6d4857 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:5
assert 'ENV_A' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e26a5e69c3e719ea Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:6
assert 'ENV_B' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe0bb91128bcac7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:7
assert 'ENV_C' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0475133aa255ba3c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:9
print('ENV_A is', os.environ['ENV_A'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3dfc2278050d5b4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:10
print('ENV_B is', os.environ['ENV_B'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bf2c3a748af827e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:11
print('ENV_C is', os.environ['ENV_C'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d113ff1dcfad0f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/67 test env value/test.py:6
assert os.environ['TEST_VAR'] == sys.argv[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #340c777f1e294936 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:15
    defined = 'MESON_EXE_WRAPPER' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c065d52ed79a381 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:18
        print(os.environ, file=sys.stderr)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62e8b1754ff40542 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:5
assert os.environ['MESON_DEVENV'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5586795e5a252ac9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:6
assert os.environ['MESON_PROJECT_NAME'] == 'devenv'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ddd1ced06e19684 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:7
assert os.environ['TEST_A'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fb17e8e89f70a1e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:8
assert os.environ['TEST_B'] == '0+1+2+3+4'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c05bf5ac9e79a74 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:9
assert os.environ['TEST_C'] == os.pathsep.join(['/prefix', '/suffix'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e26bf2b958be7bd3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/94 custominc/easytogrepfor/genh.py:5
f = open(sys.argv[1], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc209148eb1c1b55 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a49e4f6868a75b93 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/subdir/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c57257344880ab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/10 mixed sources/c/writec.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dd261eda0a6576c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/8 generated sources/src/write_wrapper.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c5d821a860bb7fd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/10 vs module defs generated custom target/subdir/make_def.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b65bf00b527f1fb5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/12 resources with custom targets/res/gen-res.py:5
with open(sys.argv[1]) as infile, open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cae1a439e61cd9e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/14 resources with custom target depend_files/ico/gen-ico.py:5
with open(sys.argv[1], 'rb') as infile, open(sys.argv[2], 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9e2786c86c635e7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/16 gui app/gui_app_tester.py:8
    if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #42b722603411bf3f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/ac_converter.py:362
with open(sys.argv[1], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ad348c1b8f5f59b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:69
    raw = jamroot.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ab6bd9b4992fbcc8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:82
    raw = jamfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2116dd2222f763f7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:176
    data = json.loads(meta_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #089c30975bbdea9f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/build_website.py:30
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #69a937a0e917f893 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:46
    with open(sourcefile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ce27f6bec0bcfcaf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:50
    with open(sourcefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1115f7e59763efee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:23
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1410fa6267e9eeb9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:121
            with open(output_dir / (cmd+'_'+typ+'.inc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #6ecb81a06d68673a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:125
    url = urlopen('https://wrapdb.mesonbuild.com/v2/releases.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #099285420a9f9e65 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:127
    with open(output_dir / 'wrapdb-table.md', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #61f495e11a885baf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:160
        with open(output_dir/dummy_output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55c5f05c666d6bd7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:12
        if v in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d516effb4cd43ef Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:13
            del os.environ[v]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2f3579f06366842 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:16
    os.environ.setdefault('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d096d471f0a2a74f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:134
                with open(fin, 'wb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41b4a8bdb3cb7959 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:138
                    with open(fout, 'rb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dece697bfa8953b1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:256
                with open(os.path.join(self.builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7f64f4121f798a8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:260
                with open(os.path.join(cmake_builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42a1001faabcae93 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:540
        text_log = Path(self.logdir, 'testlog.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75e07cc591b6d8aa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:542
        json_log = json.loads(Path(self.logdir, 'testlog.json').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0f915ef54085483 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:740
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8853231bc211457 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:759
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9360232b1d24fd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:801
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #112b4556483a0db4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:806
        with open(os.path.join(self.logdir, 'testlog-valgrind.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #578b73b3c4b482e5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:826
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6af8a5bf3ea0a34 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:831
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad42ebdec39aeff5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:867
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #767a0416b1c25371 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:872
        with open(os.path.join(self.logdir, 'testlog-mydefault.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f83267186e961107 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:877
        with open(os.path.join(self.logdir, 'testlog-other.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b43aa0e9e9247dc6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1056
        if mesonbuild.environment.detect_msys2_arch() and ('MESON_RSP_THRESHOLD' in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91c1bfcb157009ef Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1121
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5678ec03802f2a32 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1142
            if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dced3a09666e56b3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1155
                        evalue = os.environ.pop(evar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77ff214cbf8ee9a0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1236
                    if 'arch' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeec1e1da718a1e9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1237
                        if os.environ['arch'] == 'x64':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b4de7fc9720d903 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1248
                os.environ[evar] = ' '.join(quote_arg(w) for w in wrappercc)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8ab82ecf9caae75 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1252
                os.environ['AR'] = ' '.join(quote_arg(w) for w in wrapperlinker)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02611f6467f5d5f9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1267
                del os.environ['AR']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b16109ed1f792f58 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1343
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbac4c5a8f9d3bc1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1574
            with open(os.path.join(project_dir, '.hg', 'hgrc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0010eef4e97483cf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1615
        with open(os.path.join(path, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1643437192000a60 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1623
            with open(os.path.join(project_dir, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa1d4cf9e22f36af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1633
            with open(distexe_c, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d7644e27811183c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1971
                with open(os.path.join(d, 'alexandria.pc'), 'w',
                          encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7866e1807181cb80 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2013
                with open(os.path.join(d, 'alexandriaConfig.cmake'), 'w',
                        encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23f59ce2274817d5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2142
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3d65ed9cdf686bd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2150
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3663d8df37b3494 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2174
            with open(os.path.join(self.privatedir, name), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80c0a259e167a232 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2542
                            with open(os.path.join(tmpdir, 'foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09ed4b59752c888 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2549
                            with open(os.path.join(tmpdir, 'bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2d171f4e54eeabe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2560
                            with open(os.path.join(tmpdir, 'Foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84fcee82d6bd12f2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2567
                            with open(os.path.join(tmpdir, 'Bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b9f278ca6c24665 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2984
        with open(os.path.join(self.builddir, 'nosubst-nocopy1.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e63f8551e46d752 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2986
        with open(os.path.join(self.builddir, 'nosubst-nocopy2.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17095a44b91ffb3c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2993
                of = open(mfile, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f19f5abdd01a2a91 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3089
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cce0c2ebf098c2c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3092
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #326c6568ed76a86e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3117
        open(filename, 'w', encoding='utf-8').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d080b8452e1d2d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3272
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20b933cf6a0b5f84 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3273
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e1a4651943105e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3274
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #741c4d1545b5d725 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3275
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b34b329c4c839d60 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3279
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec8b993692dedfd7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3280
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a14bee35d0ce9c26 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3281
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a37319a3d50f92b0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3282
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e89cfa180b5a8e6d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3285
            with open(includefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ab6fb5ede0f374c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3288
            self.assertEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #782c4ca1650fcb89 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3289
                             Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bb7f46911b1f70c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3335
        self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44932e15fb6850dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3336
                            Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a8dc1bf4c659ea4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3341
        self.assertEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be7add402833f47f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3342
                         Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2705fc25e266459e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3393
        with open(os.path.join(infodir, 'intro-targets.json'), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc0207c59565042e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3527
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ad69870cefbb8bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3665
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76f20fe9651f1e8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3675
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af9c482c8cf58090 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3690
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #234889c77dc8c6f8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3708
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8ba9a2e518fceb0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3719
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee26d9ca27d62e08 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4125
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb0cd227a6af4f11 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4142
        with open(doc_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a45645349441bca7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4345
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #461e5cb5ff04c4e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4362
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42375985ef6f3792 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4399
        with open(machinefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f72a7e9968191951 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4428
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23cc06fa06ad107b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4437
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1aa5ae62edd8109 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4446
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34c24b7ff1aaba4d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4455
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f49b6415c65bd95b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4460
        with open(real_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87812fd26bc6854a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4587
        o = Path(fname).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de8d25ce79037c01 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4650
        with mock.patch.dict(os.environ, {'CFLAGS': '-DCFLAG', 'LDFLAGS': '-flto'}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #949f42fe8a1ae80d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4848
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e849516de8548096 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5181
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4edda593566cd824 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5189
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcdc119dcae037e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5266
        olddata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #181c862735fab972 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5271
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #697d45c943573d34 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5280
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d25d293fef0535 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5428
        with open(os.path.join(testdir, 'mod1.f90'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0330ef391dd7275 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5438
        with open(os.path.join(testdir, 'test.f90'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b6e0a24e2f3cf28 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:56
        cls.backend_name = os.environ.get('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eef9a72a5dafe7b2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:91
        cls.env_patch = mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caab0631bc1c7339 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:94
        os.environ['COLUMNS'] = '80'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d65d572e3c29257 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:95
        os.environ['PYTHONIOENCODING'] = 'utf8'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc3739d17719ab19 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:131
        return open(log, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e4b426ef62b02e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:157
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0484647b7c01211 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:261
            with mock.patch.dict(os.environ, override_envvars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #194a45efea913f84 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:311
            with open(os.path.join(self.builddir, 'compile_commands.json'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ee045c5b854b7e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:325
                with open(rsp, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a3ee3de9b657885 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:184
            with open(os.path.join(tmpdir, 'Cargo.lock'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbd2d724aa93024 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:296
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a4fc5d4d2366390 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:310
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #694b1651a87427af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:347
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c34f4a8764c77b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:364
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6ba36664a0cca5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:404
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5317f42222e3bfec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:440
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3a61cb9104c28fd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:460
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fedca85ffcf5b9d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:59
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51452afbef634a6d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:70
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4724873605a3193e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:71
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cdb9a948e8df3dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:105
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e84814222616ee1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:176
        with open("docs/markdown/Reference-tables.md", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5abf6cfa870cec8b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:192
        with open("docs/sitemap.txt", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99e907989b105647 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:206
        with open("docs/theme/extra/templates/navbar_links.html", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fad859dfabae55b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:218
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc9b30e8a5cd6a26 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:228
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad194a15efe49922 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:231
        with open('data/syntax-highlighting/vim/syntax/meson.vim', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d00bdf6a9bc2839d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:236
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec27b8d7a15c47dd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:246
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6272c86e575d1b4e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:93
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #676e384595212673 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:102
            with open(self.moptions, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1973a30e0c862d1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:119
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5f3133c09d1c439 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:33
    return os.environ.get('MESON_CI_JOBNAME', 'thirdparty') != 'thirdparty'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f5267f9f45911de Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:123
            if key in os.environ and not is_ci():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a40952ca2deab466 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:125
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ac9e67d3478da8f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:126
                os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00238f83715fd509 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:227
    if os.environ.get('MESON_CI_JOBNAME') == name:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #004f24e9acdec152 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:554
                libpath.write_text('', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c2e1420467d2e6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:676
            script_path.write_text('import sys\nprint(sys.argv[1])\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24cbecac4b83cb0b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:835
        if 'VCToolsVersion' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9afadfdd4d1d7ae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:836
            vctools_ver = os.environ['VCToolsVersion']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e36d517b72f018c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:838
            self.assertIn('VCINSTALLDIR', os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d268fd3d6b123d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d15a96e342a67c46 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eb5580776f239bb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1053
        with open('data/test.schema.json', 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbe60d10ed789cc1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1064
                schema_validator(json.loads(p.read_text(encoding='utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75965f2934348a2d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:42
PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9139d7dae3a5c5c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:58
    pkgconf = os.environ.get('PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab3758a183bcd66c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:141
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d8aebf6df5480c0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:153
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bddc4a19bc65e36c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:209
        with open(os.path.join(privatedir2, 'dependency-test.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e5167ccdfd38d9a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:240
        with open(os.path.join(privatedir1, 'simple2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d01524f096ff6a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:245
        with open(os.path.join(privatedir1, 'simple3.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48e7269e680b0e11 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:249
        with open(os.path.join(privatedir1, 'simple5.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d38e8ec92054497 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:253
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #529ca353141876bf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:259
        os.environ['PKG_CONFIG_LIBDIR'] = os.path.join(self.builddir, 'meson-uninstalled')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c9759bb1a5313dd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:261
            os.environ['PATH'] += os.pathsep + self.builddir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14d936aafb86f36d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:272
        with open(os.path.join(self.privatedir, 'somename.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7384033cb18a324f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:809
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bee22f04283cac5b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:834
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44583f5f0b9481db Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1119
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37f6ed37b81f0d8f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1130
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6b2045bc5c34af2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1260
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce74e8d4ae94a3ec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1275
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #805c31ff3ae368bc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1288
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77c28d8ca9ee99b5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1300
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef85dbda6c057824 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1319
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5167c8fcc32cdd55 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1332
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5db847fd65d982ee Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1418
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dafa9262e525dca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1483
                os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3d82e1a4e5c0ef6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1533
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #081c6e3261b33a03 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1542
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92519ffa24ddf319 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1641
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfd0b63da2d59585 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1692
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #102fd40eac6ce9f8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1716
        with open(wrap_filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc70289d3e4064d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1744
            with open(os.path.join(d, 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eed89a6a154187c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1755
        with open(os.path.join(self.privatedir, 'bar1.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bac3dfac51feec9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1758
        with open(os.path.join(self.privatedir, 'bar2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d550729a53c5975a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1766
        if 'clang' in os.environ.get('CC', 'dummy') and not is_osx():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b4ee4f64f0ed6ed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1879
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0b02f21b5e69bf5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:80
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6ff822d21a30f12 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:102
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f438057f3a46d9b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:140
        with open(batfile, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eeaf820dccd0eb2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:174
                with open(fifo, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b78f08806eb9735b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:762
    @skipIf('MESON_EXE' in os.environ, 'MESON_EXE is defined, cannot use mocking.')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c754e840a36ef5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:776
            with mock.patch.dict(os.environ, {'XDG_DATA_HOME': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37e913a7e3119cee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:780
            with mock.patch.dict(os.environ, {'XDG_DATA_DIRS': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8550b491e17a8b5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:781
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6cfb757fd5f0eb5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:795
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ffc7979e083a61e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:796
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4232a76d881752b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:809
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db568769ca48643 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:909
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57e660978865bfcb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:104
                with open(os.path.join(self.builddir, 'meson-info', 'intro-targets.json'), 'r', encoding='utf-8') as tgt_intro:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f287b2d6abac047a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:141
            with urllib.request.urlopen('https://wrapdb.mesonbuild.com') as p:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #59293c82967f88f6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:174
        with open(os.path.join(testdir, 'test.json'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4246fcadd1d877e1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:295
        with open(os.path.join(self.builddir, 'meson-logs', 'profile-startup-modules.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f2bb663b6f9f20d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:298
        with open(os.path.join(testdir, 'expected_mods.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9868e95bc9d13295 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:387
        with open(editorconfig, 'w', encoding='utf-8') as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #832f219e4ed28855 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:453
        with open(os.path.join(testdir, 'meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1e86591a932dbb8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:462
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aca2c27b78c9ada Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:464
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b759d9a3f322af6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:497
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c18dc5a2847866d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:499
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a48d7d1738bd1b02 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:512
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c93e4458c1da0df3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:514
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16dd5f323d06e372 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:537
        with open(os.path.join(testdir, 'meson.options'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df0aec34ea123982 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:546
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33443908187d9b98 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:555
        with open(os.path.join(testdir, 'subprojects/subproject/meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a51a9744d74707f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/pythontests.py:44
            mesonfile.write_text('''project('test', 'c', version: '1')
pymod = import('python')
python = pymod.find_installation('python3', required: true)
''', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b39de51a87c69f9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:465
        original_contents = meson_build_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd5f5ebcdaa5592c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:511
        expected = Path(test_path / "expected_dag.txt").read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48a505d7a4a1496f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:35
        with open(str(path / 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf995697432b096a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:97
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #904eb50611cb2bcc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:112
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f741658c483beeaf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:260
        with open(str((self.subprojects_dir / 'redirect').with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b840931ffc19a28 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:49
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43466e4bf8d96942 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:78
        os.environ['PATH'] += os.pathsep + testdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1bd864966e1cb99 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:80
        if '.PY' in [ext.upper() for ext in os.environ['PATHEXT'].split(';')]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b361412104269fd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:104
        path = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61eb605d05ad56dd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:106
            username = os.environ['USERNAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2383573c56fc8fb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:240
            current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #add84db50e4e04cd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:296
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #344243e152bda7b0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:386
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e63d3abd81ac62b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:438
        if 'VSCMD_VER' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd32c5b2771ba64d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:440
        if version_compare(os.environ['VSCMD_VER'], '<16.10.0'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #810c81a0de803afb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:466
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openhands-agent-server

python dependency
expand_more 65 low-confidence finding(s)
low env_fs dependency Excluded from app score #949bd6b7336cdae6 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/__main__.py:59
    for source in (extra_paths, os.environ.get(_EXTRA_PYTHON_PATH_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5013f905c8bec049 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/__main__.py:242
    os.environ[_INTERNAL_SERVER_URL_ENV] = _get_internal_server_url(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #366e6d620ce0f60f Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:83
    existing = os.getenv("TMUX_TMPDIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #488060592cd3dc46 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:89
    os.environ["TMUX_TMPDIR"] = str(tmux_tmpdir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #638a922913a6dc4a Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:268
        if tmux_tmpdir_was_defaulted and os.environ.get("TMUX_TMPDIR") == str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85d64f9231f70392 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/api.py:271
            os.environ.pop("TMUX_TMPDIR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae8361d53bdc7768 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/bash_service.py:64
        with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18c02d06116be3b8 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/bash_service.py:72
            json_data = filepath.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4518d6173de5bd1a Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:38
    session_api_key = os.getenv(V0_SESSION_API_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b91cb6f4e92dd72a Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:51
    session_api_key = os.getenv(V0_SESSION_API_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4efaaf9d698f93c3 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:54
    session_api_key = os.getenv(V1_SESSION_API_KEY_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2dabb50069c7e10 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:61
    web_url = os.getenv("OH_WEB_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4619807787df527 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/config.py:297
    data = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39c7e9a5eb1f74e Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/config.py:311
        resolved_path = Path(os.getenv(CONFIG_PATH_ENV, DEFAULT_CONFIG_PATH))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e39ba396b043eae4 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/conversation_lease.py:238
            raw_payload = json.loads(self._lease_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a066891c0c8f85 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/conversation_lease.py:280
        tmp_path.write_text(json.dumps(payload))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb953814798b4b3d Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/conversation_service.py:1167
                json_str = meta_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a99622e4b62f7d06 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/desktop_service.py:23
        self.novnc_port: int = int(os.getenv("NOVNC_PORT", "8002"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90919ef1f29587ec Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/desktop_service.py:52
                xstartup.write_text(
                    "#!/bin/sh\n"
                    "unset SESSION_MANAGER\n"
                    "unset DBUS_SESSION_BUS_ADDRESS\n"
                    "exec startxfce4\n"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c2cb0e3504676b4 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:86
            cfg = tomllib.loads(py.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc2e92713a72e728 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:330
    git_sha = os.environ.get("SDK_SHA") or os.environ.get("GITHUB_SHA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a155736617ffd5 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:340
    git_ref = os.environ.get("SDK_REF") or os.environ.get("GITHUB_REF")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cf8099f3a40b7b2 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:367
                cfg = tomllib.loads(pyproject_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffc241a28f84bb97 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:655
    root = os.environ.get("BUILD_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a858e59102ece7e Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:658
    xdg = os.environ.get("XDG_CACHE_HOME", str(Path.home() / ".cache"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56da83ecbf136e01 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:854
    cache_export_mode = os.environ.get("OPENHANDS_BUILDKIT_CACHE_MODE", "max").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38620dcaad24a413 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:974
    v = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3543c7cb0f991a9 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1086
        github_output = os.environ.get("GITHUB_OUTPUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69d62c9998b059c2 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1088
            with open(github_output, "a") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b696c298cf93a7a Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1113
            if os.environ.get("PUSH") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdc6e33306d6381b Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1115
            if os.environ.get("LOAD") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb6369d8a8320941 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1151
        out_path = os.environ.get("GITHUB_OUTPUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fc23612d2788df6 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/docker/build.py:1154
        with open(out_path, "a", encoding="utf-8") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9c43ed86b40d5d Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:52
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a5f4b0704fec55 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:54
        return os.environ[key].upper() in ["1", "TRUE"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd5f7c90af12898c Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:62
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98818b9a8ed35544 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:64
        return int(os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8fb6ece278ce75b Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:69
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e17336d78e2fe2d Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:71
        return float(os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d1ad05e1dab5717 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:76
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c76db48082bc28f8 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:78
        return os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63d2732747c68f15 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:84
        value = (os.getenv(key) or "").upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66b45679306d38eb Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:99
        value = os.getenv(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba86e6c441c913bd Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:120
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc3364e7561f918 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:134
                (k for k in os.environ if k.startswith(env_var_name)), False

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6670b73092767477 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:168
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8060684c0a637d01 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:184
        if key not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b209e61de693aa9 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:200
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e50380b7e13097d Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/env_parser.py:280
        kind = os.environ.get(f"{key}_KIND", MISSING)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c56fb49c2c0a7d50 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/event_service.py:123
            meta_file.read_text(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26a202fdb128e686 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/event_service.py:132
            meta_file.write_text(
                self.stored.model_dump_json(
                    context={
                        "cipher": self.cipher,
                    }
                )
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfd223cb7c5c9734 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:86
        with open(target_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #878f4344d3419f54 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:367
    env = {**os.environ, "GIT_INDEX_FILE": str(index_path)}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6a83effbf32d2d0 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:392
        with open(output_path, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #775dc913eef46b44 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/file_router.py:538
        f = open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e95522b2625657e2 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/init_router.py:204
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1439989ac0ae897b Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/middleware.py:57
            docker_host_addr = os.environ.get("DOCKER_HOST_ADDR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56fadb20638f1e4c Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/openapi.py:18
    schema_path = Path(os.environ["SCHEMA_PATH"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5e9459788774183 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/openapi.py:20
    schema_path.write_text(json.dumps(schema, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84bb02cff7b3e590 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/persistence/store.py:700
    env_dir = os.environ.get("OH_PERSISTENCE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b69171eaff32367d Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/persistence/store.py:719
    env_dir = os.environ.get("OH_PERSISTENCE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3425f02cd1cebee Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/plugins_service.py:276
            with open(marketplace_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #225679de8daf2520 Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/server_details_router.py:51
        default_factory=lambda: os.environ.get("OPENHANDS_BUILD_GIT_SHA", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bbcd23c0650544b Environment-variable access.
pkgs/python/[email protected]/openhands/agent_server/server_details_router.py:54
        default_factory=lambda: os.environ.get("OPENHANDS_BUILD_GIT_REF", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8cdd4a14067caa8 Filesystem access.
pkgs/python/[email protected]/openhands/agent_server/skills_service.py:724
            with open(marketplace_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openhands-tools

python dependency
expand_more 31 low-confidence finding(s)
low env_fs tooling reachable #ddd84127302bdb58 Filesystem access.
pkgs/python/[email protected]/openhands/tools/apply_patch/definition.py:93
            with open(fp, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #a1c51d34601df314 Filesystem access.
pkgs/python/[email protected]/openhands/tools/apply_patch/definition.py:99
            with open(fp, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ece48d1e2a3c3d78 Filesystem access.
pkgs/python/[email protected]/openhands/tools/browser_use/event_storage.py:56
        with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #25de9346fe53a596 Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:110
        os.environ.get("PROGRAMFILES", "C:\\Program Files"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #42a5be2c2e248c7d Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:111
        os.environ.get("PROGRAMFILES(X86)", "C:\\Program Files (x86)"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e6c0d4fe1ac25a64 Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:112
        os.environ.get("LOCALAPPDATA"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c04030964c7abf65 Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:155
            if local_app_data := os.environ.get("LOCALAPPDATA"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f53f0954757e52f5 Environment-variable access.
pkgs/python/[email protected]/openhands/tools/browser_use/impl.py:362
            if os.getenv("OH_ENABLE_VNC", "false").lower() in {"true", "1", "yes"}:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #33e2598af889eb5f Filesystem access.
pkgs/python/[email protected]/openhands/tools/browser_use/recording.py:85
    return filepath.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4e46fd32af56ef41 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:174
        with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #edad906f573e488f Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:336
                with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f77b9dc1e190b2a2 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:570
        with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #80b13af7ebaf5fe2 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:582
        with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #9aaf1c40a90f61eb Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:759
                with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #29d69a2492f6aa8f Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/editor.py:772
                with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #05e60f943802fe51 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/encoding.py:49
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #82ad2edd4d3ba8e6 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/file_cache.py:81
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f6776c988553d4d6 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/file_cache.py:112
        with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1bced7e2441d5959 Filesystem access.
pkgs/python/[email protected]/openhands/tools/file_editor/utils/file_cache.py:149
                with open(file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #0014a36df0a49bed Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/edit/impl.py:64
                with open(resolved_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7ddb1a5d3a6c85a7 Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/edit/impl.py:105
            with open(resolved_path, encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #579f0ca108a07495 Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/edit/impl.py:160
            with open(resolved_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #90668e374736a7b6 Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/read_file/impl.py:75
            with open(resolved_path, encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #733b271459a6b6cf Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/write_file/impl.py:65
                with open(resolved_path, encoding="utf-8", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2152f4d05502538c Filesystem access.
pkgs/python/[email protected]/openhands/tools/gemini/write_file/impl.py:75
            with open(resolved_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b613967d6175a8ec Filesystem access.
pkgs/python/[email protected]/openhands/tools/grep/impl.py:300
                    content = file_path.read_text(encoding="utf-8", errors="ignore")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #16473ee4bf2216f9 Filesystem access.
pkgs/python/[email protected]/openhands/tools/planning_file_editor/definition.py:124
            plan_file.write_text(get_plan_headers())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b44b96cfb455a551 Filesystem access.
pkgs/python/[email protected]/openhands/tools/task_tracker/definition.py:243
            with open(tasks_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #95f49564decc1754 Filesystem access.
pkgs/python/[email protected]/openhands/tools/task_tracker/definition.py:262
            with open(tasks_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fd13f70d8af12c11 Environment-variable access.
pkgs/python/[email protected]/openhands/tools/terminal/terminal/windows_terminal.py:158
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #6ac13dd1cda4277b Environment-variable access.
pkgs/python/[email protected]/openhands/tools/terminal/timeout_policy.py:20
    raw = (env or os.environ).get(RUNTIME_IDLE_TIMEOUT_SECONDS_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

orjson

python dependency
expand_more 40 low-confidence finding(s)
low env_fs dependency Excluded from app score #10e71e1cfd4287bd Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:118
data = json.load(open("../encoding/encodings.json", "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1779a844852491dc Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:120
indexes = json.load(open("../encoding/indexes.json", "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9a8e8941b8ca472 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:366
  partially_generated_file = open(path, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71a5d198494114f0 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:387
label_file = open("src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7ab82014b8cb701 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:405
  docfile = open("doc/%s.txt" % name, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d76b1a4ebdb49757 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:457
label_test_file = open("src/test_labels_names.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e62979d1f9a50b5d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:484
data_file = open("src/data.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bf06905613f8fc9 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1173
variant_file = open("src/variant.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd2ac877aded904d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1417
ffi_file = open("../encoding_c/src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba3261a11ebb89f9 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1440
single_byte_file = open("src/single_byte.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5aa395787188e85 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1494
static_file = open("../encoding_c/include/encoding_rs_statics.h", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f37585406a093d3c Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1560
utf_8_file = open("src/utf_8.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5843944f377f4e23 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1623
jis0208_in_file = open("src/test_data/jis0208_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b1b03bfbdd95ee8 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1632
jis0208_in_ref_file = open("src/test_data/jis0208_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #381a7df31c733f13 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1642
jis0208_out_file = open("src/test_data/jis0208_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50237202c7730fbf Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1643
jis0208_out_ref_file = open("src/test_data/jis0208_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31a4644e5d7801ee Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1660
shift_jis_in_file = open("src/test_data/shift_jis_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66a3155bdc3bfa6d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1669
shift_jis_in_ref_file = open("src/test_data/shift_jis_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9d4fb8c54eac923 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1684
shift_jis_out_file = open("src/test_data/shift_jis_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c1c7dd8e45178f1 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1685
shift_jis_out_ref_file = open("src/test_data/shift_jis_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #351c3e1ad1997260 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1713
iso_2022_jp_in_file = open("src/test_data/iso_2022_jp_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12ad0a8b28370825 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1722
iso_2022_jp_in_ref_file = open("src/test_data/iso_2022_jp_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1305a96bc80252e6 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1732
iso_2022_jp_out_file = open("src/test_data/iso_2022_jp_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aed328c9f9babf2d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1733
iso_2022_jp_out_ref_file = open("src/test_data/iso_2022_jp_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f848f1cea1d41d13 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1761
euc_kr_in_file = open("src/test_data/euc_kr_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #113d886322a58d83 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1770
euc_kr_in_ref_file = open("src/test_data/euc_kr_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #146f70a608c053a0 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1785
euc_kr_out_file = open("src/test_data/euc_kr_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5da9584e77173fd4 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1786
euc_kr_out_ref_file = open("src/test_data/euc_kr_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b436f856d1b6d2e5 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1802
gb18030_in_file = open("src/test_data/gb18030_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad84bac64009b098 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1811
gb18030_in_ref_file = open("src/test_data/gb18030_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e5e513be5b93253 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1826
gb18030_out_file = open("src/test_data/gb18030_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #328c3316ab5de87e Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1827
gb18030_out_ref_file = open("src/test_data/gb18030_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd33868d6afc9b40 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1845
big5_in_file = open("src/test_data/big5_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48ca004022bfd660 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1861
big5_in_ref_file = open("src/test_data/big5_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e0e79889fd3e0f9 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1898
big5_out_file = open("src/test_data/big5_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb8988746e43e3e9 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1899
big5_out_ref_file = open("src/test_data/big5_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b4e5def122c0a2c Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1921
jis0212_in_file = open("src/test_data/jis0212_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d748dcaf89e4b2e Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1930
jis0212_in_ref_file = open("src/test_data/jis0212_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28c35e7d837320a4 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1942
codepage_file = open("../codepage/src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b6a9e8794a44879 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1974
codepage_test_file = open("../codepage/src/tests.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pathspec

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #21adfe8f404aa24f Filesystem access.
pkgs/python/[email protected]/benchmarks/conftest.py:29
		__line for __line in cpython_gi_file.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2774bc2016fc512f Filesystem access.
pkgs/python/[email protected]/benchmarks/conftest.py:137
	return flit_gi_file.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a2e8b96d8097af2 Filesystem access.
pkgs/python/[email protected]/benchmarks/gen_md_tables.py:17
	run_info = json.loads(in_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8358ca846553feb Filesystem access.
pkgs/python/[email protected]/prebuild.py:39
	output.append(CHANGES_1_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #256cbf788bc7acbd Filesystem access.
pkgs/python/[email protected]/prebuild.py:43
	output.append(CHANGES_0_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57aa2071bcd09bfe Filesystem access.
pkgs/python/[email protected]/prebuild.py:46
	CHANGES_RST.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07631d37d681b9fc Filesystem access.
pkgs/python/[email protected]/prebuild.py:61
	text = PYPROJECT_IN_TOML.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac7e77af4805ce23 Filesystem access.
pkgs/python/[email protected]/prebuild.py:64
	version_input = VERSION_PY.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fbaf6d0dacd217e Filesystem access.
pkgs/python/[email protected]/prebuild.py:74
	PYPROJECT_TOML.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0eb702dbb079173 Filesystem access.
pkgs/python/[email protected]/prebuild.py:84
	output.append(README_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9ac1db1f6acf4fd Filesystem access.
pkgs/python/[email protected]/prebuild.py:91
	output.append(CHANGES_1_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cd593290e5a0c71 Filesystem access.
pkgs/python/[email protected]/prebuild.py:94
	README_DIST_RST.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a4267a7ae233a1a Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:36
	version_input = VERSION_PY.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c6989604bc3277 Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:46
	output = PYPROJECT_TOML.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #606a8fad2032e71e Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:54
	PYPROJECT_TOML.write_text(output)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pexpect

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #dca57b5de8d83cbc Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:52
            fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ad7f965ce9d3102b Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:78
            fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ff9024f7b71a4ce2 Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:127
    fout = open ('moves.log', 'a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ee7508b17ef2579e Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:48
        fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #90c4b5dd23a5a333 Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:61
        fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #01c80b94b33ed3ee Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:109
fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #60f6e75d045c1f20 Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:118
fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #22f0fcfe8972b3aa Environment-variable access.
pkgs/python/[email protected]/examples/hive.py:111
histfile = os.path.join(os.environ["HOME"], ".hive_history")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #028389dd2b218fb0 Filesystem access.
pkgs/python/[email protected]/examples/script.py:76
        fout = open(script_filename, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #94828aabe5ec0332 Filesystem access.
pkgs/python/[email protected]/examples/script.py:78
        fout = open(script_filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9abbb7304576e015 Environment-variable access.
pkgs/python/[email protected]/examples/terminal_emulation.py:63
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #931c0657dd1b9f9e Filesystem access.
pkgs/python/[email protected]/pexpect/ANSI.py:178
    fout = open ('log', 'a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b58f5ed430a664c8 Filesystem access.
pkgs/python/[email protected]/pexpect/pxssh.py:366
            with open(ssh_config, 'rt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0a6297be2f622ff Environment-variable access.
pkgs/python/[email protected]/pexpect/utils.py:57
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aeab7278b688076d Filesystem access.
pkgs/python/[email protected]/setup.py:10
with open(os.path.join(os.path.dirname(__file__), 'pexpect', '__init__.py'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prompt-toolkit

python dependency
expand_more 20 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #306f02e969e3f615 Filesystem access.
pkgs/python/[email protected]/examples/full-screen/pager.py:23
with open(_pager_py_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fe6d76213251f8aa Filesystem access.
pkgs/python/[email protected]/examples/full-screen/text-editor.py:184
                with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #274cc3996eddef0b Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1560
        with open(filename, "w", encoding="utf-8") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57d7a292c1cd5da Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1595
                    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d547cf74f402e53a Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1623
        visual = os.environ.get("VISUAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcce9bb72d785922 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1624
        editor = os.environ.get("EDITOR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b333c289f2c5925d Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/completion/filesystem.py:115
            get_paths=lambda: os.environ.get("PATH", "").split(os.pathsep),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b63c9a71e50494a6 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/history.py:282
            with open(self.filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54db6fb1e05fc518 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/history.py:299
        with open(self.filename, "ab") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea630121f029cae0 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:47
        if os.environ.get("NO_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #441145a2cc3307dd Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:52
        if os.environ.get("PROMPT_TOOLKIT_COLOR_DEPTH") in all_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f852e8689f760a3c Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:53
            return cls(os.environ["PROMPT_TOOLKIT_COLOR_DEPTH"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ab439fde72ddcf Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/vt100.py:722
        if os.environ.get("PROMPT_TOOLKIT_NO_CPR", "") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1ffe7954ffbe912 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:72
        xterm = "xterm" in os.environ.get("TERM", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7966b9008366f4e Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:80
                "that is compiled for Cygwin.".format(os.environ["TERM"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c43592b126ac659c Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:119
            self.LOG = open(_DEBUG_RENDER_OUTPUT_FILENAME, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63b0f3db566cab04 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:210
    return sys.platform == "win32" and os.environ.get("ConEmuANSI", "OFF") == "ON"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e112108fa0e743fd Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:224
    value = os.environ.get("PROMPT_TOOLKIT_BELL", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc78944e04bec268 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:230
    return os.environ.get("TERM", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b8d4d891727ffd1 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:325
        return is_dumb_terminal(os.environ.get("TERM", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

protobuf

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #b827a69690b4ad0e Environment-variable access.
pkgs/python/[email protected]/google/protobuf/internal/api_implementation.py:65
_implementation_type = os.getenv('PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION',
                                 _implementation_type)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f0ef39bab2cc8f4 Environment-variable access.
pkgs/python/[email protected]/google/protobuf/runtime_version.py:71
  disable_flag = os.getenv('TEMPORARILY_DISABLE_PROTOBUF_VERSION_CHECK')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d32076aa18c2018 Filesystem access.
pkgs/python/[email protected]/setup.py:28
  with open(os.path.join('google', 'protobuf', '__init__.py')) as version_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psutil

python dependency
expand_more 27 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #755f8cc7a960c51c Filesystem access.
pkgs/python/[email protected]/docs/conf.py:39
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216481afb9e9bf85 Environment-variable access.
pkgs/python/[email protected]/psutil/_common.py:34
PSUTIL_DEBUG = bool(os.getenv('PSUTIL_DEBUG'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e96a04fbbd8ff0c Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:682
    return open(fname, "rb", buffering=FILE_READ_BUFFER_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3703bc1f05e6806a Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:692
    fobj = open(  # noqa: SIM115
        fname,
        buffering=FILE_READ_BUFFER_SIZE,
        encoding=ENCODING,
        errors=ENCODING_ERRS,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22359bc047891a5b Environment-variable access.
pkgs/python/[email protected]/psutil/_psaix.py:375
        for path in os.environ["PATH"].split(":"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca19f93206423f9b Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:142
        with open('/proc/meminfo', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #557d1bf8faecf415 Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:276
        with open('/proc/stat', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97bdbda900e64ea Environment-variable access.
pkgs/python/[email protected]/psutil/_pssunos.py:119
            f"PATH=/usr/sbin:/sbin:{os.environ['PATH']}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #17c113454cabecd5 Filesystem access.
pkgs/python/[email protected]/scripts/internal/convert_readme.py:33
    with open(args.file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1f5dc3c8780817f2 Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:64
    with open(OUTFILE, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f75149b1a1a8a8c2 Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:87
        with open(os.path.expanduser(args.tokenfile)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dfe125631995f1de Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:98
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2dd5ae7f67f49372 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:113
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #77cb9bc36bfc48e7 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:134
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a6e90cdabe6b2f4 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:164
    with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #160716cf9ed4f5ec Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:178
        with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5ab8dd2a5eb7a20e Filesystem access.
pkgs/python/[email protected]/scripts/internal/git_pre_commit.py:156
    with open("MANIFEST.in", encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #67941b97c9aac90b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/internal/install_pip.py:34
        req = urlopen(URL, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #2677935ccccafb79 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_announce.py:81
    with open(HISTORY) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #281d28b003ffbb7d Environment-variable access.
pkgs/python/[email protected]/scripts/internal/print_downloads.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b5ff3ce28e4a6e22 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_hashes.py:18
    with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eb78609caeeea209 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:56
                with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #94dae38b9b05e8e6 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:64
                    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #995fbf451cad1988 Environment-variable access.
pkgs/python/[email protected]/setup.py:46
        if "CIBUILDWHEEL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c801750e53c6f8c Filesystem access.
pkgs/python/[email protected]/setup.py:142
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0aa28a3ff9046a5 Environment-variable access.
pkgs/python/[email protected]/setup.py:258
        if os.getenv('CC'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15e87ce883c5f4a4 Environment-variable access.
pkgs/python/[email protected]/setup.py:259
            compiler.set_executable('compiler_so', os.getenv('CC'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psycopg2-binary

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #97a62f5260acc423 Filesystem access.
pkgs/python/[email protected]/doc/src/tools/make_sqlstate_docs.py:16
    with open(clsfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ebf84bf5308306f2 Filesystem access.
pkgs/python/[email protected]/scripts/make_errorcodes.py:40
    f = open(filename, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c5cb69c148929a4c Filesystem access.
pkgs/python/[email protected]/scripts/make_errorcodes.py:49
    for line in open(filename):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6765b32058be249c Filesystem access.
pkgs/python/[email protected]/scripts/make_errors.py:34
    f = open(filename, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #679b6b3fbab0f94c Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:47
    f1 = open(f'debug-{(opt.nruns - 1):02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e6289b0fc019db7e Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:48
    f2 = open(f'debug-{opt.nruns:02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #88df76b1b3b16139 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:56
        f1 = open(f'objs-{(opt.nruns - 1):02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bcb6353f8a86fcb4 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:57
        f2 = open(f'objs-{opt.nruns:02}.txt').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6d4e195c4f738dd9 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:88
        stream=open(f"debug-{i:02}.txt", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #82f228d5cf104bd1 Filesystem access.
pkgs/python/[email protected]/scripts/refcounter.py:103
        pprint(co, stream=open(f"objs-{i:02}.txt", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cae3f95d24bbdf1 Environment-variable access.
pkgs/python/[email protected]/setup.py:125
            path_directories = os.environ['PATH'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf801a2d447e7f01 Filesystem access.
pkgs/python/[email protected]/setup.py:511
    f = open("README.rst")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pygithub

python dependency
expand_more 36 low-confidence finding(s)
low env_fs dependency Excluded from app score #b005476bc9f42cd4 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:302
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b68865b51644a1ff Filesystem access.
pkgs/python/[email protected]/doc/conf.py:324
with open("github_objects.rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4354e341b17655e3 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:335
    with open("github_objects/" + githubObjectClass + ".rst", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14594f5a08e32974 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:345
    with open("../" + module.replace(".", "/") + ".py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f98733de27fc644 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:387
with open("apis.rst", "w") as apis:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43854f5fe3b5511d Filesystem access.
pkgs/python/[email protected]/github/Requester.py:1016
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8255c0b7a5c2fc3 Filesystem access.
pkgs/python/[email protected]/github/Requester.py:1140
            f = open(local_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2c3f1eefb035915b Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:173
        with open(filename, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ae8571135394b7d3 Filesystem access.
pkgs/python/[email protected]/scripts/fix_headers.py:178
            with open(filename, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7537021c43f0bb16 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:1897
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #abeb77efd829daa0 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:1963
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b66b8a2a5a76f9b5 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2075
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #281f7ecbd7a05d57 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2094
                with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b87260a2e763ef2 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2109
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #148b9734702f5c73 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2111
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7148f5848d934cd7 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2205
                with open(clazz.filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #adbf816958f7ede0 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2216
                    with open(clazz.test_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c13382d73e42e841 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2241
        with open(spec_file, "wb") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a68a9cb29bcffd7a Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2369
            with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #780f317ec6162fb4 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2394
                with open(index_filename) as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a6572d0a816ad9d Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2400
            with open(index_filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #18e6945a3ff644f0 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2407
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #762c0b287a84e159 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2409
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #670fc38b15483126 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2573
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d6402a6bfa9cc433 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2575
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #442cfc77eff6528e Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2843
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #56832250206108f4 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:2998
                        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e03635b2fe4623af Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3045
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4393875417f717b3 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3064
        with open(spec_file) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #677b36a296000f41 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3066
        with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e074593e382f5658 Filesystem access.
pkgs/python/[email protected]/scripts/openapi.py:3074
        with open(clazz.filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #38a34d6ded044b5c Filesystem access.
pkgs/python/[email protected]/scripts/prepare-for-update-assertions.py:109
    with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #90edfcaf8fda5675 Filesystem access.
pkgs/python/[email protected]/scripts/prepare-for-update-assertions.py:125
            with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d848d6bbebc67747 Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:186
        with open(filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #41597192a1d5cb80 Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:203
                with open(filename, "w") as w:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bb430f9d6a4675a1 Filesystem access.
pkgs/python/[email protected]/scripts/sort_class.py:224
    with open(index_filename) as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyjwt

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #a2f0e78f1d865061 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
    with open(os.path.join(here, *parts), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #378cc459828a83ca Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:97
os.environ["SPHINX_BUILD"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61827f784543963d Environment-variable access.
pkgs/python/[email protected]/jwt/algorithms.py:102
    if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e466a8e8d233c91 Environment-variable access.
pkgs/python/[email protected]/jwt/api_jwt.py:25
if TYPE_CHECKING or bool(os.getenv("SPHINX_BUILD", "")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pylatexenc

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #2a274194dc5521bd Filesystem access.
pkgs/python/[email protected]/pylatexenc/latex2text/__init__.py:981
            with open(fnfull) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f98ba6a9603c0dcb Filesystem access.
pkgs/python/[email protected]/setup.py:35
    with open(os.path.join(*paths), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pypdf

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #f13f4c9c4ff9511c Filesystem access.
pkgs/python/[email protected]/pypdf/_page.py:2033
            debug_path.joinpath("fonts.json").write_text(
                json.dumps(fonts, indent=2, default=asdict),
                "utf-8"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cd5fd7b0f1b5c0f Filesystem access.
pkgs/python/[email protected]/pypdf/_reader.py:172
            with open(stream, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95764734c9701d86 Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:285
        debug_path.joinpath("bt_groups.json").write_text(
            json.dumps(ty_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34dd18440decfb59 Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:351
        debug_path.joinpath("bts.json").write_text(
            json.dumps(bt_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddf0975f50996c46 Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:354
        debug_path.joinpath("tjs.json").write_text(
            json.dumps(
                tj_ops, indent=2, default=lambda x: getattr(x, "to_dict", str)(x)
            ),
            "utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3da85e1eb056907 Filesystem access.
pkgs/python/[email protected]/pypdf/_utils.py:391
    with open("pypdf_pdfLocation.txt", "wb") as output_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f76909af2b1f82ae Filesystem access.
pkgs/python/[email protected]/pypdf/_writer.py:245
                with open(fileobj, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97ee8c80e9fbf3b9 Environment-variable access.
pkgs/python/[email protected]/pypdf/filters.py:752
            environment = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #71e320afac4fbb53 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/resources/afm_to_dataclass.py:24
        with urllib.request.urlopen(
            f"https://{FONT_LOC}"
        ) as connection, ZipFile(BytesIO(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

python-docx

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #7efb04ab9a22e226 Filesystem access.
pkgs/python/[email protected]/src/docx/image/image.py:41
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf003b10fc1245a0 Filesystem access.
pkgs/python/[email protected]/src/docx/opc/phys_pkg.py:47
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50efa5069f87f6c7 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/comments.py:49
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aee4eea53c0c6f1c Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:31
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #103b669fbb298642 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:51
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11e17bd5f474e71e Filesystem access.
pkgs/python/[email protected]/src/docx/parts/settings.py:48
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #705d83fbe37f3bec Filesystem access.
pkgs/python/[email protected]/src/docx/parts/styles.py:40
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dotenv

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #2aceda7d26626d92 Filesystem access.
pkgs/python/[email protected]/src/dotenv/cli.py:76
        with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e86d3f33f05e75d3 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:194
        if v is not None and (override or k not in os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00ce8a6b41d02683 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:225
    cmd_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22f2e45da7ec585f Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:26
    if "PYTHON_DOTENV_DISABLED" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da8990db54949d9a Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:28
    value = os.environ["PYTHON_DOTENV_DISABLED"].casefold()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8383e89f3e5fb7c7 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:63
            with open(self.dotenv_path, encoding=self.encoding) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #773b206d13cacd34 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:105
            if k in os.environ and not self.override:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70c4957daa81abac Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:108
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #849cb927351ed79f Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:148
        source: IO[str] = open(path, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9aa35c930c08288 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:302
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51a81b6e173c9b0c Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:306
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-frontmatter

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #5c9f840d0800165e Filesystem access.
pkgs/python/[email protected]/setup.py:10
with open("README.md") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-multipart

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #558547d7f530c146 Filesystem access.
pkgs/python/[email protected]/python_multipart/multipart.py:516
                tmp_file = open(path, "w+b")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-pptx

python dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #7d6ba1aced305fea Filesystem access.
pkgs/python/[email protected]/features/steps/picture.py:43
    with open(test_image(filename), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b69e2a25380a4c1c Filesystem access.
pkgs/python/[email protected]/features/steps/placeholder.py:141
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24f5af1e7c1f7d2c Filesystem access.
pkgs/python/[email protected]/features/steps/presentation.py:88
    with open(test_pptx("test"), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc46ca9293eb005 Filesystem access.
pkgs/python/[email protected]/features/steps/presentation.py:107
    with open(saved_pptx_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c809e64f965e0d41 Filesystem access.
pkgs/python/[email protected]/features/steps/shape.py:461
    with open(test_file("just-two-mice.png"), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30ca26eefff85b62 Filesystem access.
pkgs/python/[email protected]/features/steps/shapes.py:65
    with open(test_file(filename), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a6fb36720fddd3e Filesystem access.
pkgs/python/[email protected]/src/pptx/media.py:37
            with open(movie_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d062754d7848e485 Filesystem access.
pkgs/python/[email protected]/src/pptx/opc/package.py:367
            with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23524765d6c0872 Filesystem access.
pkgs/python/[email protected]/src/pptx/opc/serialized.py:166
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cff2ba922d0c6324 Filesystem access.
pkgs/python/[email protected]/src/pptx/oxml/__init__.py:29
    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaf675eaa7b89117 Filesystem access.
pkgs/python/[email protected]/src/pptx/parts/image.py:163
            with open(image_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4b80a5c0ea68c51 Environment-variable access.
pkgs/python/[email protected]/src/pptx/text/fonts.py:80
        home = os.environ.get("HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3808386396e8886c Filesystem access.
pkgs/python/[email protected]/src/pptx/text/fonts.py:200
        return cls(open(path, "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pythonnet

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #8fa97f951f594865 Environment-variable access.
pkgs/python/[email protected]/pythonnet/__init__.py:51
        for k, v in environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #953f0c8fdf7b39c7 Environment-variable access.
pkgs/python/[email protected]/pythonnet/__init__.py:113
    spec = environ.get("PYTHONNET_RUNTIME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e388212b8aaffe9 Environment-variable access.
pkgs/python/[email protected]/setup.py:13
os.environ["EnableSourceControlManagerQueries"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyyaml

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #e4e1358c24b70d73 Environment-variable access.
pkgs/python/[email protected]/setup.py:72
os.environ['SETUPTOOLS_USE_DISTUTILS'] = 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c6c8fd505e3a53f Environment-variable access.
pkgs/python/[email protected]/setup.py:81
if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b1134ce35911942 Environment-variable access.
pkgs/python/[email protected]/setup.py:160
            with_ext = getattr(self, ext.attr_name) or os.environ.get('PYYAML_FORCE_{0}'.format(ext.feature_name.upper()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

qtconsole

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #a30a695aea0a55c5 Filesystem access.
pkgs/python/[email protected]/docs/autogen_config.py:32
    with open(destination, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b09e634feae5b826 Filesystem access.
pkgs/python/[email protected]/docs/source/conf.py:16
exec(compile(open('../../qtconsole/_version.py').read(), '../../qtconsole/_version.py', 'exec'), release_info)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2184120f4496ecb1 Environment-variable access.
pkgs/python/[email protected]/docs/source/conf.py:19
if os.environ.get('READTHEDOCS', None) == 'True':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4beae8000c52332d Filesystem access.
pkgs/python/[email protected]/docs/source/conf.py:22
    exec(compile(open('../autogen_config.py').read(), '../autogen_config.py', 'exec'), ns )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be5ea9cab7a5240d Environment-variable access.
pkgs/python/[email protected]/qtconsole/console_widget.py:2576
            if not os.environ.get('QTCONSOLE_TESTING'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2437b57dcde387f Filesystem access.
pkgs/python/[email protected]/qtconsole/qtconsoleapp.py:348
                with open(self.stylesheet) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #660df3097c9fbfc4 Environment-variable access.
pkgs/python/[email protected]/qtconsole/qtconsoleapp.py:424
                os.environ['QT_MAC_WANTS_LAYER'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ced882e0da0f62bf Filesystem access.
pkgs/python/[email protected]/qtconsole/rich_text.py:150
    with io.open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #769ee9a6a5d7fbe4 Filesystem access.
pkgs/python/[email protected]/qtconsole/rich_text.py:173
    with io.open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbadfffc536099f Filesystem access.
pkgs/python/[email protected]/qtconsole/svg.py:33
        f = open(filename, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf5a5f140a0c104e Filesystem access.
pkgs/python/[email protected]/setup.py:44
with open(pjoin(here, name, '_version.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1afea15e110ec15b Filesystem access.
pkgs/python/[email protected]/setup.py:47
with io.open(os.path.join(here, 'README.md'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

redis

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #eb708fce88f8b2e8 Filesystem access.
pkgs/python/[email protected]/redis/commands/json/commands.py:317
        with open(file_name) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #de2db22bbf5c6d46 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:771
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #841aa34bbf80b1e9 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:772
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3da97634b2a9784d Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:209
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c2013a9e6c3497a Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:740
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d273d8b6a628e76c Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:741
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dbfd091716db480 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:747
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02900da3c2c89e56 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:749
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #815957a0658ec80e Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:762
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

resend

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #7554f8c3a5b87c52 Environment-variable access.
pkgs/python/[email protected]/resend/__init__.py:77
api_key = os.environ.get("RESEND_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6462f15bedd36e8 Environment-variable access.
pkgs/python/[email protected]/resend/__init__.py:78
api_url = os.environ.get("RESEND_API_URL", "https://api.resend.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #134dbc842e771c91 Filesystem access.
pkgs/python/[email protected]/setup.py:9
with open("resend/version.py", encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86a6f1004d1341fb Filesystem access.
pkgs/python/[email protected]/setup.py:13
    install_requires = open("requirements.txt").readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #812d1139514dc4a7 Filesystem access.
pkgs/python/[email protected]/setup.py:21
    long_description=open("README.md", encoding="utf8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

runloop-api-client

python dependency
expand_more 25 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #9bf136dc35b793d5 Filesystem access.
pkgs/python/[email protected]/examples/blueprint_with_build_context.py:57
        (tmp_path / "app.py").write_text('print("Hello from app")')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3f7f30f47b2d3497 Filesystem access.
pkgs/python/[email protected]/examples/blueprint_with_build_context.py:58
        (tmp_path / "config.txt").write_text("key=value")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11026f18d39dd28b Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:57
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #556ac87193c922f8 Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:58
    anthropic_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2dea3815a3d0b480 Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:155
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e8c78a0270b50577 Environment-variable access.
pkgs/python/[email protected]/examples/mcp_github_tools.py:166
    anthropic_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5617effb458dba6f Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:114
            bearer_token = os.environ.get("RUNLOOP_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b346823aca35c367 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:122
            base_url = os.environ.get("RUNLOOP_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ab24ba299297ba7 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:126
        custom_headers_env = os.environ.get("RUNLOOP_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c178f6acf45ca355 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:408
            bearer_token = os.environ.get("RUNLOOP_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83ce3e158384d17d Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:416
            base_url = os.environ.get("RUNLOOP_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02c636ff400defab Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_client.py:420
        custom_headers_env = os.environ.get("RUNLOOP_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11ec8f8f30c09b7e Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b217db8af209cfd4 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02838c7922f6d3fa Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09482162b4d5bde3 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca60733c08bb1701 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #970f641ce31fed89 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_response.py:497
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21b61f69c5654924 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_response.py:539
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6aadd0a7275eaa1 Environment-variable access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_logs.py:17
    env = os.environ.get("RUNLOOP_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41c09ced0d83c314 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa5f07c928c845e Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52a988707e3a50b5 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffcd0613af97805a Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/sdk/async_.py:405
            content = await asyncio.to_thread(lambda: path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5fb5c73fc3ae528 Filesystem access.
pkgs/python/[email protected]/src/runloop_api_client/sdk/sync.py:403
            content = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

setuptools

python dependency
expand_more 162 low-confidence finding(s)
low env_fs dependency Excluded from app score #7aefd37a4f7894ae Environment-variable access.
pkgs/python/[email protected]/_distutils_hack/__init__.py:49
    which = os.environ.get('SETUPTOOLS_USE_DISTUTILS', 'local')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5af1ba5bf5917d9e Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/command/_framework_compat.py:22
    ensurepip = os.environ.get("ENSUREPIP_OPTIONS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3050a2eeebfd5c93 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/bdist_rpm.py:555
                    with open(val) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #209bc33e7ac4fe38 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/command/build_ext.py:800
                elif '_PYTHON_HOST_PLATFORM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bbdfe24811ec695 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/build_scripts.py:105
            with open(outfile, "w", encoding=f.encoding) as outf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd05b51db4b9d5d0 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:104
        with open(filename, "w", encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e34c592ba4d6d250 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:191
        with open(out, encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #965678602d9b3afb Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/config.py:348
    log.info(pathlib.Path(filename).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #825445a6a14b1d14 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/install_egg_info.py:55
        with open(target, 'w', encoding='UTF-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96cddb2d9c74d5a2 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/sdist.py:424
        with open(self.manifest, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1b73330bec78dee Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/command/sdist.py:434
        with open(self.manifest, encoding='utf-8') as lines:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e0367a993ece41 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:71
        self.cc = os.environ.get('CC', self.cc or 'gcc')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24d49759911e78d2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:72
        self.cxx = os.environ.get('CXX', self.cxx or 'g++')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7622fa483eb51cf Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/cygwin.py:316
        config_h = pathlib.Path(fn).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c693fbb3a740ca7 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:82
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39d9973b2125e22f Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:150
    if os.getenv("DISTUTILS_USE_SDK"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #735f1fabd9016181 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:151
        return {key.lower(): value for key, value in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cbd52f1044e53ea Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:189
        paths = os.getenv('path').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #809ce45bdf4b8ee4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/msvc.py:561
        env = dict(os.environ, PATH=self._paths)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89d97f42cd92118c Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/compilers/C/zos.py:114
            if (binary := os.environ.get(envvar, None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a099017fbf20846f Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/debug.py:5
DEBUG = os.environ.get('DISTUTILS_DEBUG')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55cd7b5f7ff14f1c Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:386
            yield pathlib.Path(os.getenv("DIST_EXTRA_CONFIG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cbf3b5fe552951b Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:1140
            self.read_pkg_file(open(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75b63cd3e2c233f6 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/dist.py:1215
        with open(
            os.path.join(base_dir, 'PKG-INFO'), 'w', encoding='UTF-8'
        ) as pkg_info:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fee4265f74beadec Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:28
            fsrc = open(src, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9052604b233dbf7 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:39
            fdst = open(dst, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2857a8aa58637b9f Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/file_util.py:227
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89159fe00c95da2d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/spawn.py:52
    return os.environ if env is None else env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #826e76bcd4a9bbd3 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/spawn.py:111
        path = os.environ.get('PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e39ac77c253a8fa2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:48
if "_PYTHON_PROJECT_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47264e4621a1c67e Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:49
    project_base = os.path.abspath(os.environ["_PYTHON_PROJECT_BASE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83437521a134cab2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:330
        if 'CC' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #210a64691811229e Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:331
            newcc = os.environ['CC']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc6cec7c382e3f8d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:332
            if 'LDSHARED' not in os.environ and ldshared.startswith(cc):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85022ba2ae74997 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:337
        cxx = os.environ.get('CXX', cxx)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5390f2b99dca5a3 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:338
        ldshared = os.environ.get('LDSHARED', ldshared)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b539c024c3a51f2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:339
        ldcxxshared = os.environ.get('LDCXXSHARED', ldcxxshared)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3873ce4e3f5a63d7 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:340
        cpp = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #612463e68e6ad734 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:340
        cpp = os.environ.get(
            'CPP',
            cc + " -E",  # not always
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae2cc31b5f3b51f2 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:347
        cflags = os.environ.get('CFLAGS', cflags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61b82aaccc80658d Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:349
        cxxflags = os.environ.get('CXXFLAGS', cxxflags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0058a6c37156a692 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:357
        ar = os.environ.get('AR', ar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e7b2fec2d9e3618 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:359
        archiver = ar + ' ' + os.environ.get('ARFLAGS', ar_flags)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e320526747048595 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:376
        if 'RANLIB' in os.environ and compiler.executables.get('ranlib', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5377ab7c52146c4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:377
            compiler.set_executables(ranlib=os.environ['RANLIB'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac2a27c64cf5ea15 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:472
                elif n in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd197dba003167fb Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:474
                    item = os.environ[n]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ff561fc7acc065b Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/sysconfig.py:597
    flags = os.environ.get(f'{type}FLAGS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbccd05b054b54a6 Filesystem access.
pkgs/python/[email protected]/setuptools/_distutils/text_file.py:118
        self.file = open(self.filename, errors=self.errors, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9256c39be5715446 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:57
        target = os.environ.get('VSCMD_ARG_TGT_ARCH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a7e5220128769a1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:94
    env_ver = os.environ.get(MACOSX_VERSION_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7db4f2d02ed4a59 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:174
    if os.name == 'posix' and 'HOME' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1ebc603a56d39b6 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:178
            os.environ['HOME'] = pwd.getpwuid(os.getuid())[5]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064d4926946c90d3 Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:184
    if 'PLAT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4a96350f9d76f0b Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:185
        os.environ['PLAT'] = get_platform()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0172531583209dd Environment-variable access.
pkgs/python/[email protected]/setuptools/_distutils/util.py:199
    lookup = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a296516c3429b776 Filesystem access.
pkgs/python/[email protected]/setuptools/_imp.py:65
            file = open(path, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd191c7b33f530f4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:80
    orig_pythonpath = os.environ.get('PYTHONPATH', nothing)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11a3c719761f81c8 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:81
    current_pythonpath = os.environ.get('PYTHONPATH', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b05623bb3709e14 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:87
            os.environ['PYTHONPATH'] = new_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47c764a08999130e Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:91
            os.environ.pop('PYTHONPATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #651f8fbf0b8ef289 Environment-variable access.
pkgs/python/[email protected]/setuptools/_path.py:93
            os.environ['PYTHONPATH'] = orig_pythonpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32874d54710be621 Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:49
        return os.environ.get('__PYVENV_LAUNCHER__', _default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4def831bad1f421f Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:238
        launcher = os.environ.get('SETUPTOOLS_LAUNCHER', 'executable')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52cf1564c427cdcd Environment-variable access.
pkgs/python/[email protected]/setuptools/_scripts.py:245
        if ext not in os.environ['PATHEXT'].lower().split(';'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8282c41952039b0 Filesystem access.
pkgs/python/[email protected]/setuptools/_scripts.py:332
    return resources.files('setuptools').joinpath(launcher_fn).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ab97b386fbad459 Filesystem access.
pkgs/python/[email protected]/setuptools/_scripts.py:337
    return res.read_text(encoding='utf-8') % vars()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3435495563913f57 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/autocommand/autoparse.py:330
        with open(filename_or_file, *args, **kwargs) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6806fefc3bbfc88f Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2829
            t = open(fileobj=name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a81dfa91dbe745d Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2832
            t = open(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #612608aca75b153b Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/backports/tarfile/__init__.py:2872
            with open(src, 'r') as tar:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #190654226d30c224 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:379
        return self.locate().read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4d5ce2691dfdacf Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:382
        return self.locate().read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1273f2738fa49e3 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:527
            self.read_text('METADATA')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d93d95920a90c460 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:528
            or self.read_text('PKG-INFO')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e84f82f647053c0 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:532
            or self.read_text('')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #060260ce26c9bae6 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:567
        return EntryPoints._from_text_for(self.read_text('entry_points.txt'), self)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a5ab6d33d3070ed Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:616
        text = self.read_text('RECORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d70e9e3cef3eeda Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:630
        text = self.read_text('installed-files.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92cae946b9d18be3 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:659
        text = self.read_text('SOURCES.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96d6e9fe0b2c2904 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:672
        source = self.read_text('requires.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d693a630001159a3 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:723
            self.read_text(filename),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b01418ff272c6d5c Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:1014
            return self._path.joinpath(filename).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5060eadd4321966 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/importlib_metadata/__init__.py:1150
    return (dist.read_text('top_level.txt') or '').split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1243b3301bcda1e5 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/jaraco/text/__init__.py:232
lorem_ipsum: str = (
    files(__name__).joinpath('Lorem ipsum.txt').read_text(encoding='utf-8')
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8ba9104596d26db Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/jaraco/text/__init__.py:631
    with open(filename, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1577e1de3ea5a49d Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/packaging/_manylinux.py:34
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60ff1d63c2f20520 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/packaging/_musllinux.py:46
        with open(executable, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b25fd2d0e05083d1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/__init__.py:31
    if os.getenv("ANDROID_DATA") == "/data" and os.getenv("ANDROID_ROOT") == "/system":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c52946c72507d148 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/__init__.py:32
        if os.getenv("SHELL") or os.getenv("PREFIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #683382f61d6d18cb Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:45
        path = os.environ.get("XDG_DATA_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0d8429c3ecb79e4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:52
        path = os.environ.get("XDG_DATA_DIRS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c024e8e957a3a8 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:76
        path = os.environ.get("XDG_CONFIG_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb9e591bee50e8f1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:83
        path = os.environ.get("XDG_CONFIG_DIRS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a75322e0bd49234 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:107
        path = os.environ.get("XDG_CACHE_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23c7c6089f7871c5 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:123
        path = os.environ.get("XDG_STATE_HOME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a60f1f4fff626a1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:177
        path = os.environ.get("XDG_RUNTIME_DIR", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #649055838bcebb3b Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:201
        path = os.environ.get("XDG_RUNTIME_DIR", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e93e14e667b8b63 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/unix.py:238
        media_dir = os.environ.get(env_var, "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e90fa9b0d78e6cd Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:157
    result = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #264f9c6cd9b4cfbb Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:167
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Documents")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78347e0317875bc4 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:170
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Downloads")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce9127965f8e63db Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:173
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Pictures")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56f31e23860198d3 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:176
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Videos")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c272970266359ae Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/platformdirs/windows.py:179
        return os.path.join(os.path.normpath(os.environ["USERPROFILE"]), "Music")  # noqa: PTH118

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa6500868f12521d Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:492
        with open(wheelfile_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980b5fb2c2299eb2 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:598
            with open(dependency_links_path, encoding="utf-8") as dependency_links_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c61deb3f9c949c1 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_bdist_wheel.py:609
        with open(pkg_info_path, "w", encoding="utf-8") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2a2aa2f84bcd738 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:171
                        requires = path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #725a2d2be41aa7e7 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:174
                        pkginfo = path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e66f96163770c5cc Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:184
                            path.read_bytes(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a86f83b28e0590 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/convert.py:190
                yield str(path.relative_to(self.path)), path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f617951932f947c Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/pack.py:40
    with open(wheel_file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2f763abcd71aa32 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_commands/pack.py:60
            with open(wheel_file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7454902e242928e Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_metadata.py:151
    with open(pkginfo_path, encoding="utf-8") as headers:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25e61455faab0704 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/_metadata.py:160
        with open(requires_path, encoding="utf-8") as requires_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecccfcc5f1cc3729 Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:293
    with open(path_to_lib, "rb") as lib_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bea282ff4a907294 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:419
    if "MACOSX_DEPLOYMENT_TARGET" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b72eda6a64755eb Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:421
            int(x) for x in os.environ["MACOSX_DEPLOYMENT_TARGET"].split(".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceb937a72e8b0db1 Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/macosx_libfile.py:474
        if "MACOSX_DEPLOYMENT_TARGET" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #354aaeefae7cfe7f Environment-variable access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/wheelfile.py:53
    timestamp = int(os.environ.get("SOURCE_DATE_EPOCH", timestamp or time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26c763c1aaa3635d Filesystem access.
pkgs/python/[email protected]/setuptools/_vendor/wheel/wheelfile.py:185
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad9c336355acd7cd Filesystem access.
pkgs/python/[email protected]/setuptools/archive_util.py:133
            with open(target, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d9d24844c643bb7 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:70
    with open(pyfile, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d2d3a9e363becb1 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:211
            with open(native_libs, 'wt', encoding="utf-8") as libs_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cff36716513f375 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:362
            with open(fn, 'wt', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0e45b577e399330 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_egg.py:381
    f = open(filename, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf3da87eeef0c88b Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_wheel.py:475
        with open(wheelfile_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e7f375a3b65844 Filesystem access.
pkgs/python/[email protected]/setuptools/command/bdist_wheel.py:575
        with open(dependency_links_path, encoding="utf-8") as dependency_links_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #239e2e59737c9fbe Environment-variable access.
pkgs/python/[email protected]/setuptools/command/build_ext.py:160
        so_ext = os.getenv('SETUPTOOLS_EXT_SUFFIX')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f57c9cdefb4201d Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_ext.py:354
        with open(stub_file, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50dc6186b4c1306f Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_py.py:192
            files = manifest.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21ff7e60347a04eb Filesystem access.
pkgs/python/[email protected]/setuptools/command/build_py.py:261
        with open(init_py, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db1b9967da6e9103 Environment-variable access.
pkgs/python/[email protected]/setuptools/command/easy_install.py:18
            sys_executable=os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5afb04a21deaca89 Environment-variable access.
pkgs/python/[email protected]/setuptools/command/easy_install.py:18
            sys_executable=os.environ.get(
                "__PYVENV_LAUNCHER__", os.path.normpath(sys.executable)
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9867a6537a5749cf Filesystem access.
pkgs/python/[email protected]/setuptools/command/editable_wheel.py:601
        path1.write_text("file1", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ab996ee0d2a3ff Filesystem access.
pkgs/python/[email protected]/setuptools/command/editable_wheel.py:604
            if path2.is_symlink() and path2.read_text(encoding="utf-8") == "file1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93a454f1ddae25c3 Filesystem access.
pkgs/python/[email protected]/setuptools/command/egg_info.py:283
        f = open(filename, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d55b0a7ec975aa43 Filesystem access.
pkgs/python/[email protected]/setuptools/command/egg_info.py:645
    with open(filename, "wb") as f:  # always write POSIX-style manifest

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec5b3d3a85f19f81 Filesystem access.
pkgs/python/[email protected]/setuptools/command/install_scripts.py:64
        with open(target, "w" + mode, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d09d15ce289cfb3e Filesystem access.
pkgs/python/[email protected]/setuptools/command/sdist.py:195
        with open(self.manifest, 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a54c65d914389708 Filesystem access.
pkgs/python/[email protected]/setuptools/command/sdist.py:205
        manifest = open(self.manifest, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b70f662a14bc9f Filesystem access.
pkgs/python/[email protected]/setuptools/command/setopt.py:67
    with open(filename, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3d05a671d2b979 Environment-variable access.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/error_reporting.py:81
        debug_code = os.getenv("JSONSCHEMA_DEBUG_CODE_GENERATION", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7561da2b673c0b77 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/formats.py:158
    with urlopen(url, context=context) as response:  # noqa: S310 (audit URLs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #14aeca881af780f1 Environment-variable access.
pkgs/python/[email protected]/setuptools/config/_validate_pyproject/formats.py:192
        if os.getenv("NO_NETWORK") or os.getenv("VALIDATE_PYPROJECT_NO_NETWORK"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51765946f88aad83 Filesystem access.
pkgs/python/[email protected]/setuptools/config/expand.py:57
        module = ast.parse(pathlib.Path(spec.origin).read_bytes())  # type: ignore[arg-type] # Let it raise an error on None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f24218b69ae542d6 Filesystem access.
pkgs/python/[email protected]/setuptools/config/expand.py:142
    with open(filepath, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d7ebd3ca523ba25 Filesystem access.
pkgs/python/[email protected]/setuptools/config/pyprojecttoml.py:39
    with open(filepath, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee6f58700debc4b0 Filesystem access.
pkgs/python/[email protected]/setuptools/dist.py:586
            with open(filename, encoding='utf-8') as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f6fd3698ee9632 Filesystem access.
pkgs/python/[email protected]/setuptools/dist.py:820
            with open(readme_txt_filename, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9887687c256f6406 Environment-variable access.
pkgs/python/[email protected]/setuptools/installer.py:82
    quiet = 'PIP_QUIET' not in os.environ and 'PIP_VERBOSE' not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e886180ddac52ef Environment-variable access.
pkgs/python/[email protected]/setuptools/installer.py:83
    if 'PIP_INDEX_URL' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87847edf969601cb Filesystem access.
pkgs/python/[email protected]/setuptools/msvc.py:462
                with open(state_path, 'rt', encoding='utf-8') as state_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6db162122f63ec1d Filesystem access.
pkgs/python/[email protected]/setuptools/namespaces.py:23
        with open(filename, 'wt', encoding=py312.PTH_ENCODING) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38635b3e7cc0642d Filesystem access.
pkgs/python/[email protected]/setuptools/unicode_utils.py:59
        with open(file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d5236400358d74f Filesystem access.
pkgs/python/[email protected]/setuptools/unicode_utils.py:63
        with open(file, "r", encoding=fallback_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978de468adb0eea1 Environment-variable access.
pkgs/python/[email protected]/setuptools/warnings.py:109
    enforce = os.getenv("SETUPTOOLS_ENFORCE_DEPRECATION", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10f4d74c85efb25b Filesystem access.
pkgs/python/[email protected]/setuptools/wheel.py:261
                    with open(mod_init, 'w', encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ad9c66ecaddb5e4a Environment-variable access.
pkgs/python/[email protected]/tools/build_launchers.py:102
        os.environ['ProgramFiles(x86)'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #321448b11e25987a Filesystem access.
pkgs/python/[email protected]/tools/finalize.py:39
    changelog = changelog_fn.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3a66857084115af0 Filesystem access.
pkgs/python/[email protected]/tools/finalize.py:41
    changelog_fn.write_text(fixed, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

shellingham

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #1294b61a9259cdfc Environment-variable access.
pkgs/python/[email protected]/src/shellingham/posix/__init__.py:54
    login_shell = os.environ.get("SHELL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ef514f5b744afc0 Filesystem access.
pkgs/python/[email protected]/src/shellingham/posix/proc.py:44
    with io.open(path, encoding="ascii", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #275fa60776bfc32f Filesystem access.
pkgs/python/[email protected]/src/shellingham/posix/proc.py:55
    with io.open(path, encoding=encoding, errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

slack-sdk

python dependency
expand_more 27 low-confidence finding(s)
low env_fs dependency Excluded from app score #4781b525bd9f4797 Environment-variable access.
pkgs/python/[email protected]/slack/deprecation.py:6
    skip_deprecation = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b54f6205a3ee4ee5 Filesystem access.
pkgs/python/[email protected]/slack/web/async_internal_utils.py:148
                f = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c0cea6985b33d9 Filesystem access.
pkgs/python/[email protected]/slack/web/base_client.py:298
                        f: BinaryIO = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9812132e4c4ef03 Environment-variable access.
pkgs/python/[email protected]/slack/web/deprecation.py:17
    skip_deprecation = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3e96cecc0a646c2 Environment-variable access.
pkgs/python/[email protected]/slack_sdk/models/messages/message.py:16
skip_warn = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db69b09c6e84fb0c Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:59
            with open(f"{team_installation_dir}/installer-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a85ad70505141f9e Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:61
            with open(f"{team_installation_dir}/installer-{history_version}", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3b1dd6c91be7099 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:67
            with open(f"{team_installation_dir}/installer-{u_id}-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4b6a15934dcec70 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:69
            with open(f"{team_installation_dir}/installer-{u_id}-{history_version}", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7acba267fb6f5e65 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:75
            with open(installer_filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12f1b715d8ce1be9 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:94
            with open(f"{team_installation_dir}/bot-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #644b9fa59f38e4d7 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:96
            with open(f"{team_installation_dir}/bot-{history_version}", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d24e3da80544dd33 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:99
            with open(f"{team_installation_dir}/bot-latest", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94813ecdf115b519 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:130
            with open(bot_filepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c12e604e1e3833a Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/installation_store/file/__init__.py:172
            with open(installation_filepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #718d376bee3f63d1 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/state_store/file/__init__.py:46
        with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a16c6c5a550c0d3 Filesystem access.
pkgs/python/[email protected]/slack_sdk/oauth/state_store/file/__init__.py:54
            with open(filepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #019e11e655418ed2 Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:12
        os.environ.get("HTTPS_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eebe0e62268260fb Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:13
        or os.environ.get("https_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c8a13e144d33b30 Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:14
        or os.environ.get("HTTP_PROXY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b379e01fbcf937f Environment-variable access.
pkgs/python/[email protected]/slack_sdk/proxy_env_variable_loader.py:15
        or os.environ.get("http_proxy")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2555b8594eb7b98e Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/async_internal_utils.py:36
                f = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b77d6bcd211b31fd Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/base_client.py:282
                        f: BinaryIO = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c683716aaa9f4fe Environment-variable access.
pkgs/python/[email protected]/slack_sdk/web/deprecation.py:21
    skip_deprecation = os.environ.get("SLACKCLIENT_SKIP_DEPRECATION")  # for unit tests etc.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f108996fcb0d92f Environment-variable access.
pkgs/python/[email protected]/slack_sdk/web/internal_utils.py:278
    skip_deprecation = os.environ.get("SKIP_SLACK_SDK_WARNING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59141d0b675c4b06 Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/internal_utils.py:342
            with open(os.fsencode(file), "rb") as readable:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44ef89255fd86b6 Filesystem access.
pkgs/python/[email protected]/slack_sdk/web/legacy_base_client.py:348
                        f: BinaryIO = open(v.encode("utf-8", "ignore"), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sqlalchemy

python dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #d30b9b9b0eeb009c Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:42
            with open(
                Path(cachedir) / "sqla_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6e39e1b1ea8c6b3 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:56
            with open(
                Path(cachedir) / "plain_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7b815ce28b7b1b Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:106
            os.environ.pop("MYPY_FORCE_COLOR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebfff4b780ca5113 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:146
        with open(path) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76057347513dd550 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:398
    if os.environ.get("REQUIRE_SQLALCHEMY_CEXT", "0") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fce23d685c338de Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:455
            with open(options.write_idents, "a") as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfccdda7bb25f0e6 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/pytestplugin.py:880
        return os.environ.get("PYTEST_CURRENT_TEST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bb118de2f81ce81 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:200
            profile_f = open(self.fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #373c158daa0dbf2e Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:219
        profile_f = open(self.fname, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aece343b34890061 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/provision.py:453
    with open(idents_file) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa8063c2d1bebd44 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/util/_has_cy.py:27
    if os.environ.get("DISABLE_SQLALCHEMY_CEXT_RUNTIME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #519217074919ae8d Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:134
            Path(destination_path).write_text(
                text, encoding="utf-8", newline="\n"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d62c74978fa4c5ca Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:146
            with open(tempfile) as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626c792e1f3d68bd Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:162
            with open(source_file, encoding="utf-8") as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6085ed53c131599 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:169
        with open(destination_path, encoding="utf-8") as dp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07b6c2dc6c9ab1bd Environment-variable access.
pkgs/python/[email protected]/noxfile.py:95
    cmd.extend(os.environ.get(dburl_env, default_dburl).split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45ff6b20c0bf8415 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:106
    env_dbdrivers = os.environ.get(extra_driver_env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e358863bc4438d04 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:269
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efa1a761c7ce1c92 Environment-variable access.
pkgs/python/[email protected]/setup.py:23
DISABLE_EXTENSION = bool(os.environ.get("DISABLE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06471ef79e968caa Environment-variable access.
pkgs/python/[email protected]/setup.py:24
REQUIRE_EXTENSION = bool(os.environ.get("REQUIRE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #10a8b978017dabbe Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:155
    original = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #388e22bc0c612562 Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:313
                file.write_text(updated, "utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #da32bd6279aeff10 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:145
    with open(fn.__code__.co_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cffbecb5d93952b7 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:373
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a36c9f360b4b3e09 Filesystem access.
pkgs/python/[email protected]/tools/generate_sql_functions.py:38
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fe462db750017206 Filesystem access.
pkgs/python/[email protected]/tools/generate_tuple_map_overloads.py:53
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6feff8ea2cb8eb6f Filesystem access.
pkgs/python/[email protected]/tools/normalize_file_headers.py:27
    content = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #23de77a1d66bd94b Filesystem access.
pkgs/python/[email protected]/tools/sync_test_files.py:35
    source_data = Path(source).read_text().replace(remove_str, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

starlette

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #12efb94980ce52ac Environment-variable access.
pkgs/python/[email protected]/starlette/config.py:19
    def __init__(self, environ: MutableMapping[str, str] = os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1914eef83bcf6c93 Filesystem access.
pkgs/python/[email protected]/starlette/config.py:113
        with open(file_name, encoding=encoding) as input_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

stripe

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #a90398873d9ca59f Environment-variable access.
pkgs/python/[email protected]/stripe/_api_requestor.py:535
        agent = self._detect_ai_agent(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58849f4abbcf39d2 Environment-variable access.
pkgs/python/[email protected]/stripe/_util.py:34
STRIPE_LOG = os.environ.get("STRIPE_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fb57bba8681fcad Environment-variable access.
pkgs/python/[email protected]/stripe/_util.py:40
    return "APPENGINE_RUNTIME" in os.environ and "Dev" in os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497ccd3e753418ff Environment-variable access.
pkgs/python/[email protected]/stripe/_util.py:40
    return "APPENGINE_RUNTIME" in os.environ and "Dev" in os.environ.get(
        "SERVER_SOFTWARE", ""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

termcolor

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #db33fb2e2fa97dd2 Environment-variable access.
pkgs/python/[email protected]/src/termcolor/__main__.py:8
    print(f"Current terminal type: {os.getenv('TERM')}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd0dec5afb44c36d Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:109
    if os.environ.get("ANSI_COLORS_DISABLED"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6c35b7af1bb1d3a Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:111
    if os.environ.get("NO_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d256f6b6bdb09d81 Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:113
    if os.environ.get("FORCE_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5864ef617e8c02e5 Environment-variable access.
pkgs/python/[email protected]/src/termcolor/termcolor.py:117
    if os.environ.get("TERM") == "dumb":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

toml

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #eefbafbede20ae2a Filesystem access.
pkgs/python/[email protected]/setup.py:8
with open("README.rst") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2957a4b637edcbfe Filesystem access.
pkgs/python/[email protected]/toml/decoder.py:133
        with io.open(_getpath(f), encoding='utf-8') as ffile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tornado

python dependency
expand_more 19 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #ec99956981c255c6 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:155
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b62bf904cb5a99f Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:158
if os.environ.get("READTHEDOCS", "") == "True":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37d3c1df52f19fa3 Filesystem access.
pkgs/python/[email protected]/setup.py:26
with open("tornado/__init__.py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15f92500c39a82b2 Filesystem access.
pkgs/python/[email protected]/setup.py:31
with open("README.rst") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f40c0aa4d60f89a4 Environment-variable access.
pkgs/python/[email protected]/setup.py:37
    and os.environ.get("TORNADO_EXTENSION") != "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #640b0e01079c2106 Environment-variable access.
pkgs/python/[email protected]/setup.py:50
            optional=os.environ.get("TORNADO_EXTENSION") != "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af97cee274e1003b Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:652
            body = await self.stream.read_bytes(
                min(self.params.chunk_size, content_length), partial=True
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b133ae03f114e95 Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:672
                crlf = await self.stream.read_bytes(2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3220c485111a4644 Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:683
                chunk = await self.stream.read_bytes(
                    min(bytes_to_read, self.params.chunk_size), partial=True
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #708d96ebbc4b2052 Filesystem access.
pkgs/python/[email protected]/tornado/http1connection.py:693
            crlf = await self.stream.read_bytes(2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #423721f6ef47ac71 Filesystem access.
pkgs/python/[email protected]/tornado/locale.py:142
            with open(full_path, "rb") as bf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29cf86bce879d713 Filesystem access.
pkgs/python/[email protected]/tornado/locale.py:153
        with open(full_path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aa5ebefd76db427 Filesystem access.
pkgs/python/[email protected]/tornado/options.py:416
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9084399cc53c91c Filesystem access.
pkgs/python/[email protected]/tornado/template.py:476
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01ea24e11dc5cb9b Environment-variable access.
pkgs/python/[email protected]/tornado/testing.py:78
    env = os.environ.get("ASYNC_TEST_TIMEOUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c1246146a44928d Environment-variable access.
pkgs/python/[email protected]/tornado/util.py:430
if os.environ.get("TORNADO_NO_EXTENSION") or os.environ.get("TORNADO_EXTENSION") == "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #128a56e7d43e62f3 Environment-variable access.
pkgs/python/[email protected]/tornado/util.py:438
        if os.environ.get("TORNADO_EXTENSION") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fab69fa6438c0179 Filesystem access.
pkgs/python/[email protected]/tornado/web.py:3033
        with open(abspath, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eba3eef2acde34b5 Filesystem access.
pkgs/python/[email protected]/tornado/websocket.py:1133
        data = await self.stream.read_bytes(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

urllib3

python dependency
expand_more 8 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #bcff7b5edee73a1e Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:15
if "READTHEDOCS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #05a002b54754cd7a Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:76
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abfeb75066151cbc Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:466
        return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2029d010c06b6a7 Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:483
    return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b247913fcb37b17 Filesystem access.
pkgs/python/[email protected]/src/urllib3/contrib/emscripten/fetch.py:204
        streaming_worker_code = (
            files(__package__)
            .joinpath("emscripten_fetch_worker.js")
            .read_text(encoding="utf-8")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a8073f1139327b5 Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:317
    if "SSLKEYLOGFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d11e375e4080f6bb Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:318
        sslkeylogfile = os.path.expandvars(os.environ.get("SSLKEYLOGFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ee3efef9f0a5c69 Filesystem access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:452
    with open(key_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uvicorn

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #74110fdca4d2cc02 Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:351
        if workers is None and "WEB_CONCURRENCY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ccaf87f2ceec22b Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:352
            self.workers = int(os.environ["WEB_CONCURRENCY"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04f3f087e9ea9c4e Environment-variable access.
pkgs/python/[email protected]/uvicorn/config.py:356
            self.forwarded_allow_ips = os.environ.get("FORWARDED_ALLOW_IPS", "127.0.0.1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #575086448c5ea832 Filesystem access.
pkgs/python/[email protected]/uvicorn/config.py:393
                with open(self.log_config) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5aabb78be8b32e4 Filesystem access.
pkgs/python/[email protected]/uvicorn/config.py:404
                with open(self.log_config) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

whatthepatch

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #696b65ff77be59f1 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:23
            with open(diff.header.old_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44888500c366769b Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:27
        with open(diff.header.new_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a297fb9c2034c4a Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:44
    with open(oldfilepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3670c1a32255c15 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:47
    with open(patchfilepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6f5837dbb3134b3 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:64
    with open(newfilepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #272c5f122ffae6a2 Filesystem access.
pkgs/python/[email protected]/src/whatthepatch/apply.py:68
        with open(rejfilepath) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07cca545a1312f6b Environment-variable access.
pkgs/python/[email protected]/src/whatthepatch/snippets.py:54
        for path in os.environ["PATH"].split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

zope-interface

python dependency
expand_more 5 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #37608fe8fce9b722 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:25
os.environ['PURE_PYTHON'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c60aa61b263dca4 Filesystem access.
pkgs/python/[email protected]/setup.py:96
    with open(os.path.join(os.path.dirname(__file__), *rnames)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f1dd5b6500a32bc Environment-variable access.
pkgs/python/[email protected]/src/zope/interface/_compat.py:45
    pure_env = os.environ.get('PURE_PYTHON')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94bfaeba973a6565 Environment-variable access.
pkgs/python/[email protected]/src/zope/interface/_compat.py:72
    pure_env = os.environ.get('PURE_PYTHON')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e65b03d221caaa32 Environment-variable access.
pkgs/python/[email protected]/src/zope/interface/ro.py:234
        val = os.environ.get(env_name, '') == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • fastmcp prod — sdist exceeds byte cap
  • playwright prod — no sdist (wheels only)
  • pillow prod — sdist exceeds byte cap
  • pybase62 prod — no sdist (wheels only)
  • rapidfuzz prod — sdist exceeds byte cap
  • types-toml prod — no python source in sdist
  • scikit-learn prod — scan budget exceeded
  • shap prod — scan budget exceeded
  • prometheus-client prod — scan budget exceeded